| copyright | lastupdated | ||
|---|---|---|---|
|
2018-12-14 |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:codeblock: .codeblock} {:pre: .pre}
The Blockchain Document Store service authenticates an application with an IBM Cloud IAM Service ID through the following interactions. Applications authenticate through the IBM Cloud IAM iam.ng.bluemix.net/oidc/token endpoint, and then exchange the returned IBM Cloud IAM Token for a service Onboarding Token, as follows:
-
A Network Administrator creates an IBM Cloud IAM Service ID for the application.
-
The application Service ID authenticates through the IBM Cloud IAM iam.ng.bluemix.net/oidc/token endpoint, and requests an IBM Cloud IAM Token:
curl -v -u "demo:demo" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=$USER_API_KEY" "https://iam.ng.bluemix.net/oidc/token" > iam.apikey.token -
The application adds the returned IBM Cloud IAM Token to the Authorization Header of an API request for a service Onboarding Token, which it passes to Blockchain Solution Manager for verification and decoding into human-readable strings:
curl -k -H "Content-Type: application/json" --data-binary @iam.apikey.token -X POST "/v1/iam/exchange_token/apps/{appId}" -
If verified, the application receives an Onboarding Token from Blockchain Solution Manager.
Note: The default Onboarding Token timeout is three hours.
Proceed to Manage documents.