Skip to main content

Example: Configure the API SOAP service for external API access

This example demonstrates how to create a product administrator with the IDAPI caller privilege and configure the Bravura Security API SOAP service for external API access. This setup allows a third-party application to communicate with Bravura Security Fabric .

With this configuration, a third party application can be configured to use the administrator account and the configured API SOAP service to communicate with Bravura Security Fabric .

For example, a ticket is raised in ServiceNow for a new employee. ServiceNow communicates with Bravura Security Fabric to submit a request for an account creation in Bravura Security Fabric .

Create a user with the IDAPI caller privilege

To create the user:

  1. Log in to your instance as a superuser.

  2. Click Manage the system > Security > Access to product features > Individual administrators.

    38091.png

  3. Click Add new…

  4. Fill in the relevant information.

    38092.png

  5. Set a password.

  6. Grant the user the "IDAPI Caller" privilege.

  7. Configure the IP address with CIDR bitmask to include the IP address of the the servers of the third party applications which have to be allowed to make API calls into the idapisoap endpoints.

    In case the calls arrive via any form of IP translation (Network Address Translation network devices, HTTP proxies or other network gateways), both the IPs included in the HTTP requests at the source and the IPs seen when the request reaches the idapisoap service must be included. If left empty, everything except being called from the localhost (127.0.0.0) will be refused.

  8. Click Add.

  9. Add the API administrator profile to any administrative groups or user classes which will provide it with the privileges required to run the operations on the data inside the application;for example, if the API profile is used in a voice recognition bot integration (IVR), add the API to the user class EXPLICIT_API_USERS_TPM or a similar one.

Set up the Bravura Security API SOAP service

This step specifically assist with the IIS binding that is needed for the service to run. For more detailed information about the API SOAP Service, see API SOAP Service .

  1. Log in to your instance as a superuser.

  2. Click Manage the system > Maintenance > Service.

    38094.png

  3. Click the Bravura Security (idapisoap) API SOAP Service.

    38095.png

  4. In the Endpoints for the IDAPI SOAP native service field enter the appropriate comma separated values. For example, http://localhost/<Your Instance>/idapi . In the case of a fully qualified domain, ensure that you add in a similar fashion for both http and https.

  5. Click Update.

  6. Stop and start the service so that these settings will be recognized by the service. This is a requirement to update this setting. This will also have to be done any time the settings change.

    If you have multiple nodes, repeat these steps to set the endpoints on all nodes. This is not a setting that will automatically propagate through the synchronization process.

Sample script in Python

This following script is an example of an API call to display the known attributes for a specific profile to ensure you have a successful connection and can list data.

from zeep import Client
from zeep.helpers import serialize_object
# Update with appropriate URL
wsdl = 'http://localhost/test/idapi/wsdl'
# Update with appropriate API user that you created
api_user = 'API_TEST_USER'
# Update with appropriate password that you set
api_pass = 'SomethingRandom123456!'
# Update with appropriate profileID from your system
profile = '100005'
class ApiError(Exception):
  pass
def assert_api_op(ret, op=None):
  if ret.rc != 0 and ret.rc != 1:
    if op:
      raise ApiError('{} Error#{}: {}'.format(op, ret.rc, ret.errmsg))
    else:
      raise ApiError('Error #{}: {}'.format(ret.rc, ret.errmsg))
  return ret.sessdat
client = Client(wsdl)
LoginRequest = {
  'userid': api_user,
  'password': api_pass,
  'isadmin': 1,
  'options': '',
  'sessdat': ''
}
LoginResponse = client.service.Login(LoginRequest)
sess = assert_api_op(LoginResponse, 'Login')
UserStatusGetResponse = client.service.UserStatusGet(
  {'userid': profile, 'sessdat': sess})
sess = assert_api_op(UserStatusGetResponse, 'UserStatusGet')
UserStatus = serialize_object(
  UserStatusGetResponse.output.UserStatusGet_vectorOutput[0])
print("      Profile: {}".format(profile))
for k,v in UserStatus.items():
  print("{:>18}: {}".format(k, v))
In this section: