Cumulocity IoT Feedback Portal
Status Clarification needed
Categories Platform Management
Created by Frank Bauer
Created on Jun 23, 2023

API access control for hybrid cloud solutions

If a customer wants to integrate the Cumulocity Web services (APIs) into their own Web application, e.g. a self-service platform for realizing new business models, we call this a hybrid cloud solution. In this case, the customer must pay to use the Cumulocity APIs. To support this approach, API access management using API keys is required.


API Key Management

  • An API key provides access to an endpoint collection and can also restrict the methods that can be used by a consumer.

  • When an API key is created, the following parameters can be set:

    • The expiration time can be set or can be defined as "will never expire"

    • The REST API endpoint and methods (CRUD) can be added to the API key

    • The API key can be revoked if it is compromised or after contract termination

    • Any number of API keys can be generated

    • An API key is valid for a specific asset group and all sub-asset groups created under it.
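
The checks this request lists (expiry, endpoint and method grants, revocation, asset-group scope) can be sketched as one authorization function. This is an added example, not part of the original post and not a Cumulocity API; the `ApiKey` model, the group names, and the sample grant are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed asset-group tree (child -> parent); group names are hypothetical.
PARENT = {"emea": None, "plant-a": "emea", "line-1": "plant-a", "apac": None}

@dataclass
class ApiKey:                    # hypothetical model, not a Cumulocity type
    digest: str                  # SHA-256 of the secret; the secret is not stored
    grants: dict                 # endpoint prefix -> set of allowed HTTP methods
    asset_group: str             # key is valid for this group and its sub-groups
    expires_at: "datetime | None" = None   # None means "will never expire"
    revoked: bool = False

def path_granted(path, prefix):
    # Match whole path segments so "/inventory" does not cover "/inventory-admin".
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def in_subtree(group, root):
    seen = set()                 # guards against a cyclic hierarchy
    while group is not None and group not in seen:
        if group == root:
            return True
        seen.add(group)
        group = PARENT.get(group)
    return False

def authorize(key, presented, method, path, group, now=None):
    # Assumes `path` has already been normalized by the web framework.
    now = now or datetime.now(timezone.utc)
    digest = hashlib.sha256(presented.encode()).hexdigest()
    if not hmac.compare_digest(digest, key.digest):
        return "deny: unknown key"
    if key.revoked:
        return "deny: revoked"
    if key.expires_at is not None and now >= key.expires_at:
        return "deny: expired"
    if not any(path_granted(path, p) and method.upper() in m for p, m in key.grants.items()):
        return "deny: endpoint or method not granted"
    if not in_subtree(group, key.asset_group):
        return "deny: asset group out of scope"
    return "allow"

# Constructed sample key: read-only inventory access, scoped to "plant-a".
SAMPLE = ApiKey(hashlib.sha256(b"constructed-secret").hexdigest(),
                {"/inventory/managedObjects": {"GET"}}, "plant-a",
                expires_at=datetime(2030, 1, 1, tzinfo=timezone.utc))
```

Every failed check denies, so a key grants nothing beyond what was explicitly attached to it, and the parent group "emea" stays out of reach of a key issued for "plant-a".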

  • Frank Bauer
    Mar 5, 2024

    Hi Jane,
    sorry for not replying to your comment for so long. You can read more about API access control and API key management at https://aws.amazon.com/what-is/api-key/?nc1=h_ls .

    Regards,

    Frank

  • Admin
    Jane Porter
    Jul 13, 2023

    Hi Frank,

    Apologies for this feature bouncing around a bit; the use of words confused the issue a little. However, your response has provided the clarity required and in fact points to the request for Cumulocity IoT to provide the ability to generate a Personal Access Token for use by web applications when accessing the Cumulocity API. Can you confirm this is the case? Wikipedia has an explanation for personal access tokens, which appears to be what you are asking for: https://en.wikipedia.org/wiki/Personal_access_token

    Many thanks, Jane.

  • Frank Bauer
    Jul 12, 2023

    Hi Rahul,

    my understanding is that WebMethods is used to access third-party backends. In this case, we are talking about the access to the Cumulocity backend and the backend of custom microservices running on the IIoT Cumulocity platform.

  • Admin
    Rahul Talreja
    Jul 12, 2023

    Hi Frank

    Thank you for the feedback. Currently, we do not plan to implement this functionality as part of our standard product.

    However, we believe all the above requirements can be addressed by API Management capabilities of our webmethods.io API Gateway (Link). If you are interested, I would be happy to put you in contact with our experts at webmethods.io.

  • Frank Bauer
    Jun 27, 2023

    Hi Jane, yes, in such a use case we would charge a customer for API usage.

    Cheers, Frank

  • Admin
    Jane Porter
    Jun 27, 2023

    Hi Frank,

    Many thanks for raising this Idea; we will look at it at our next Idea grooming meeting. In the meantime, it is worth noting that Cumulocity IoT is billed on the number of measurements, events and alarms generated by a given device. Do I therefore infer that the business model for charging for API usage from a web application is one that your company wishes to use?

    Regards, Jane.