Amplify Platform

How to create a Service Account in order to make Axway Amplify Platform API calls

Axway Amplify Platform API calls

Client Secret-based Amplify Service accounts are required in order to make Axway Amplify Platform API calls to do things like approving a Unified Catalog API Subscription request or to modify Amplify Organization Members and Teams via API calls.

There are several ways to do this. In this blog post, we will describe two: Using the Axway Platform UI and using the Axway CLI.

Method 1: Using the Axway Platform UI (User Interface)

* In the platform UI, go to the Organization and select Service Accounts

* Click on the + Service Account button
* Provide a name and see the Client ID being created based on the name you provide
* For Authentication, select Client Secret
* For the Credentials, select either Provide secret or Platform-generated secret. I selected Platform-generated secret
* For the Org Roles, select Central Admin (e.g. for doing Central stuff)

* Click Save and see your secret. You’ll need to copy it since it will not be visible again ever.

* For example, here are my Client Id and Secret for Service Account sa-test:

sa-test_8cde1a18-2aeb-4bcd-85d5-cfb53ec9efb4
f5409fb3-b3ad-4257-a868-e3f3684f12f5

Method 2: Using the Axway CLI

* From the command line, log into the platform using:

axway auth login

* Create a service account using:

axway service-account create

* Enter a name and description

* Select the client secret Authentication method as either “Auto-generated client secret key” or “Custom client secret key.” I selected “Custom client secret key”

* Enter a client secret. I used an online UUID generator. You need to remember this secret as it will not be displayed anywhere.

* For the Roles, select Central Admin (e.g. for doing Central stuff)

* Your service account will now be created:

* You can see your service account in the UI:

* You can also see your service account using the CLI:

axway service-account list

* For example, here are my Client Id and Secret for Service Account sa-test:

sa-test_8cde1a18-2aeb-4bcd-85d5-cfb53ec9efb4
3f1fb67b-ab67-4624-bb71-1622df39ca52

Note that I used Axway CLI 3.0.0 beta 5 to create this service account using the CLI.

Make Axway Platform API Calls

Now that you have your Client ID and Secret, you can make Axway platform API calls.

In order to make Platform API calls, we need to use our Client ID (username) and Secret (password) and base64 encode them as username:password for Basic Authentication in order to retrieve an access token that we’ll use for all subsequent calls. This is done as a POST to https://login.axway.com/auth/realms/Broker/protocol/openid-connect/token. A sample curl command is shown below:

curl --location --request POST 'https://login.axway.com/auth/realms/Broker/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic c2EtdGVzdF84Y2RlMWExOC0yYWViLTRiY2QtODVkNS1jZmI1M2VjOWVmYjQ6ZjU0MDlmYjMtYjNhZC00MjU3LWE4NjgtZTNmMzY4NGYxMmY1' \
--data-urlencode 'grant_type=client_credentials'

The response will be similar to:

{
    "access_token": "eyJhbGci...xURV5g",
    "expires_in": 1800,
    "refresh_expires_in": 0,
    "token_type": "bearer",
    "not-before-policy": 1571719187,
    "scope": "email profile"
}

Now you can use the access_token in your API requests. For example, to retrieve a list of Environments in your Organization you can make a GET request to `/apis/management/v1alpha1/environments` as follows:

curl --location --request GET 'https://apicentral.axway.com/apis/management/v1alpha1/environments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGci...xURV5g'

The response will be similar to:

[
    {
        "group": "management",
        "apiVersion": "v1alpha1",
        "kind": "Environment",
        "name": "aws",
        "title": "aws",
        "metadata": {
            "id": "8a2e862d779860e20177a6888d450233",
            "audit": {
      .
      .
      .
    },
    {
        "group": "management",
        "apiVersion": "v1alpha1",
        "kind": "Environment",
        "name": "v7b",
        "title": "v7b",
        "metadata": {
            "id": "8a2e8839781407c10178143caeec0031",
            "audit": {
      .
      .
      .
    },
    .
    .
    .
]

Summary

The Axway CLI and the Axway Platform UI make it easy to create a Client Secret Service Account so that we can make Axway Platform API calls. In this blog post, we showed how both can be used to do this.

Learn more about Axway API Management CLI.