diff --git a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/_index.md b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/_index.md index 8c747dbca..581bba29d 100644 --- a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/_index.md +++ b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/_index.md @@ -32,8 +32,10 @@ The Traceability Agent gathers API metrics only and does not support transaction * An Axway Amplify subscription in the Amplify platform * A platform service account. See [Managing service accounts](https://docs.axway.com/bundle/platform-management/page/docs/management_guide/organizations/managing_organizations/index.html#managing-service-accounts) * An Amplify environment. See [Create an environment](/docs/integrate_with_central/cli_central/cli_environments/) -* Sensedia API Gateway with API Manager v5 access -* Client ID and Client Secret credentials for Sensedia API authentication +* Sensedia API Gateway with API Manager access +* Sensedia authentication credentials + * Client ID and Client Secret for OAuth + * Static Token * Docker environment for running the agents * Network access from agent host to Sensedia API Gateway and Amplify platform diff --git a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/administration-operation.md b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/administration-operation.md index 751c83aec..a56b67c6b 100644 --- a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/administration-operation.md +++ b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/administration-operation.md @@ -16,8 +16,8 @@ Each Sensedia Gateway is represented by an Amplify environment allowing you to b ### Minimum requirements * [Amplify Platform Service Account](/docs/integrate_with_central/cli_central/cli_install/#option-2---authenticate-and-authorize-your-service-account) -* [Sensedia API Gateway with API Manager v5](https://docs.sensedia.com/en/api-platform-guide/4.14.x.x/index.html) -* Client ID and Client Secret credentials for Sensedia API authentication +* [Sensedia API Gateway with API Manager](https://docs.sensedia.com/en/api-platform-guide/4.14.x.x/index.html) +* Sensedia authentication credentials (either Client ID Client Secret for OAuth or static token) * Docker environment for running the agents * Network connectivity from agent host to Sensedia API Gateway and Amplify platform @@ -32,14 +32,20 @@ The Sensedia agents are delivered as Docker images and can be deployed in any Do ### Authentication and authorization -The Sensedia agents use OAuth 2.0 client credentials flow for authentication with the Sensedia platform: +The authentication method is automatically detected based on the configured credentials. Configure either `SENSEDIA_AUTH_CLIENTID` and `SENSEDIA_AUTH_CLIENTSECRET` for OAuth, or `SENSEDIA_AUTH_TOKEN` for Static Token Authentication. -1. **Client Credentials**: The agent uses a configured Client ID and Client Secret -2. **Token Endpoint**: Authentication requests are made to `/user-management/v1/oauth2/token` -3. **Bearer Token**: All API calls use the obtained Bearer token -4. **Token Refresh**: The agent automatically refreshes tokens when they expire +The Sensedia agents support two authentication methods: -The Bearer token includes tenant information, so no additional tenant configuration is required. +* **OAuth 2.0 Client Credentials** + 1. **Client Credentials**: The agent uses a configured Client ID and Client Secret + 2. **Token Endpoint**: Authentication requests are made to `/user-management/v1/oauth2/token` + 3. **Bearer Token**: All API calls use the obtained Bearer token with `Authorization: Bearer ` header + 4. **Token Refresh**: The agent automatically refreshes tokens when they expire + +* **Static Token Authentication** + 1. **Static Token**: The agent uses a pre-configured authentication token + 2. **Header**: All API calls include the `Sensedia-Auth: ` header + 3. **No Refresh**: Static tokens do not expire and require no refresh mechanism ## Discovery Agent features @@ -124,20 +130,21 @@ The Traceability Agent collects API call metrics from Sensedia environments and ### Environment variables -| Variable | Description | Required | Default | Example | -|----------|-------------|----------|---------|---------| -| `SENSEDIA_BASEURL` | Sensedia platform base URL | Yes | | `https://platform-production.sensedia.com` | -| `SENSEDIA_AUTH_CLIENTID` | Client ID for authentication | Yes | | `id` | -| `SENSEDIA_AUTH_CLIENTSECRET` | Client Secret for authentication | Yes | | `` | -| `SENSEDIA_DEVELOPEREMAIL` | Email for application creation (Discovery Agent only) | Yes | | `developer@company.com` | -| `SENSEDIA_ENVIRONMENTS` | Comma-separated list of environments | No | `""` (all environments) | `Production,Development` | -| `SENSEDIA_FILTER` | API discovery filter expression | No | `""` (no filtering) | `tag.Axway_axway.Exists()` | -| `SENSEDIA_POLLINTERVAL` | Discovery/Traceability poll interval | No | `30m` | `5m` | -| `SENSEDIA_DISCOVERYIDENTITYAPIS` | Discover identity APIs | No | `false` | `true` | -| `SENSEDIA_DISCOVERYPRIVATEAPIS` | Discover private APIs | No | `false` | `true` | -| `SENSEDIA_SENDALLTRAFFIC` | Send all API traffic for reporting (Traceability Agent only) | No | `true` | `false` | -| `SENSEDIA_TRACEABILITYBATCHSIZE` | Batch size for traceability API calls (Traceability Agent only) | No | `500` | `1000` | -| `SENSEDIA_TIMEOFFSET` | Time offset for processing delays (Traceability Agent only) | No | `10m` | `15m` | +| Variable | Description | Required | Default | Example | +| -------------------------------- | --------------------------------------------------------------- | -------- | ----------------------- | ------------------------------------------ | +| `SENSEDIA_BASEURL` | Sensedia platform base URL | Yes | | `https://platform-production.sensedia.com` | +| `SENSEDIA_AUTH_CLIENTID` | Client ID for OAuth authentication | No | | `id` | +| `SENSEDIA_AUTH_CLIENTSECRET` | Client Secret for OAuth authentication | No | | `` | +| `SENSEDIA_AUTH_TOKEN` | Static authentication token | No | | `your-static-token` | +| `SENSEDIA_DEVELOPEREMAIL` | Email for application creation (Discovery Agent only) | Yes | | `developer@company.com` | +| `SENSEDIA_ENVIRONMENTS` | Comma-separated list of environments | No | `""` (all environments) | `Production,Development` | +| `SENSEDIA_FILTER` | API discovery filter expression | No | `""` (no filtering) | `tag.Axway_axway.Exists()` | +| `SENSEDIA_POLLINTERVAL` | Discovery/Traceability poll interval | No | `5m` (min is '5m') | `5m` | +| `SENSEDIA_DISCOVERYIDENTITYAPIS` | Discover identity APIs | No | `false` | `true` | +| `SENSEDIA_DISCOVERYPRIVATEAPIS` | Discover private APIs | No | `false` | `true` | +| `SENSEDIA_SENDALLTRAFFIC` | Send all API traffic for reporting (Traceability Agent only) | No | `true` | `false` | +| `SENSEDIA_TRACEABILITYBATCHSIZE` | Batch size for traceability API calls (Traceability Agent only) | No | `500` | `1000` | +| `SENSEDIA_TIMEOFFSET` | Time offset for processing delays (Traceability Agent only) | No | `10m` | `15m` | ## Monitoring and troubleshooting diff --git a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/deploy-your-agents-with-amplify-cli.md b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/deploy-your-agents-with-amplify-cli.md index 5b3cf1d66..743fea121 100644 --- a/content/en/docs/connect_manage_environ/connect_sensedia_gateway/deploy-your-agents-with-amplify-cli.md +++ b/content/en/docs/connect_manage_environ/connect_sensedia_gateway/deploy-your-agents-with-amplify-cli.md @@ -16,7 +16,7 @@ Once agents are correctly deployed, they can collect the data from the Sensedia * Docker must be installed and you will need a basic understanding of Docker commands * You will need information on Sensedia API Gateway: * The Sensedia platform URL (e.g., `https://platform-production.sensedia.com`) - * Client ID and Client Secret for API authentication + * Authentication credentials: either Client ID and Client Secret (OAuth) or static token * Configured environments (if filtering by environment) ## Objectives @@ -33,17 +33,18 @@ The Discovery Agent discovers APIs based on tags defined in the agent configurat All common agent variables can be found [here](/docs/connect_manage_environ/connected_agent_common_reference/agent-variables#agent-variables). -| Variable name | Description | -| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SENSEDIA_BASEURL | The base URL of the Sensedia platform API Manager (e.g., `https://platform-production.sensedia.com`). | -| SENSEDIA_AUTH_CLIENTID | The client ID for authenticating with Sensedia API Gateway. | -| SENSEDIA_AUTH_CLIENTSECRET | The client secret for authenticating with Sensedia API Gateway. | -| SENSEDIA_DEVELOPEREMAIL | Developer email for application creation in Sensedia. | -| SENSEDIA_FILTER | Filter condition expression for discovering APIs based on tags. The conditional expression must have "tag" as the prefix/selector. For example, `tag.Axway_axway.Exists()`. | -| SENSEDIA_DISCOVERYIDENTITYAPIS | When set to true, the agent will discover Identity APIs. Default is false. | -| SENSEDIA_DISCOVERYPRIVATEAPIS | When set to true, the agent will discover Private APIs. Default is false. | -| SENSEDIA_ENVIRONMENTS | Comma-separated list of Sensedia environments to filter for discovery (e.g., `Production,Development`). | -| SENSEDIA_POLLINTERVAL | The interval at which to poll Sensedia for changes (ns - default, us, ms, s, m, h). Default is 5m. | +| Variable name | Description | +| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SENSEDIA_BASEURL | The base URL of the Sensedia platform API Manager (e.g., `https://platform-production.sensedia.com`). | +| SENSEDIA_AUTH_CLIENTID | The Client ID for OAuth authentication with Sensedia. Either use this with CLIENTSECRET or use TOKEN. | +| SENSEDIA_AUTH_CLIENTSECRET | The Client Secret for OAuth authentication with Sensedia. Either use this with CLIENTID or use TOKEN. | +| SENSEDIA_AUTH_TOKEN | The static authentication token for Sensedia. Either use this or use CLIENTID with CLIENTSECRET. | +| SENSEDIA_DEVELOPEREMAIL | Developer email for application creation in Sensedia. | +| SENSEDIA_FILTER | Filter condition expression for discovering APIs based on tags. The conditional expression must have "tag" as the prefix/selector. For example, `tag.Axway_axway.Exists()`. | +| SENSEDIA_DISCOVERYIDENTITYAPIS | When set to true, the agent will discover Identity APIs. Default is false. | +| SENSEDIA_DISCOVERYPRIVATEAPIS | When set to true, the agent will discover Private APIs. Default is false. | +| SENSEDIA_ENVIRONMENTS | Comma-separated list of Sensedia environments to filter for discovery (e.g., `Production,Development`). | +| SENSEDIA_POLLINTERVAL | The interval at which to poll Sensedia for changes (ns - default, us, ms, s, m, h). Default is 5m, , minimum is 5m. | ### Create your Discovery Agent environment file @@ -54,8 +55,14 @@ For example: ```yaml # Sensedia connectivity SENSEDIA_BASEURL= + +# Option 1: OAuth authentication SENSEDIA_AUTH_CLIENTID= SENSEDIA_AUTH_CLIENTSECRET= + +# Option 2: Static token authentication - use instead of Option 1 +# SENSEDIA_AUTH_TOKEN= + SENSEDIA_DEVELOPEREMAIL= SENSEDIA_FILTER=tag.Axway_axway.Exists() SENSEDIA_POLLINTERVAL=30s @@ -103,16 +110,17 @@ The Traceability Agent is used to filter the transaction logs from Sensedia API All common agent variables can be found [here](/docs/connect_manage_environ/connected_agent_common_reference/agent-variables#agent-variables). -| Variable name | Description | -| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SENSEDIA_BASEURL | The base URL of the Sensedia platform API Manager (e.g., `https://platform-production.sensedia.com`). | -| SENSEDIA_AUTH_CLIENTID | The client ID for authenticating with Sensedia API Gateway. | -| SENSEDIA_AUTH_CLIENTSECRET | The client secret for authenticating with Sensedia API Gateway. | -| SENSEDIA_ENVIRONMENTS | Comma-separated list of Sensedia environments to monitor for traceability (e.g., `Production,Development`). | -| SENSEDIA_POLLINTERVAL | The interval at which to poll Sensedia for transaction data (ns - default, us, ms, s, m, h). Default is 5m. | -| SENSEDIA_SENDALLTRAFFIC | When set to true, the agent will send all API traffic to be reported. When set to false, only discovered APIs will be reported. Default is false. | -| SENSEDIA_TRACEABILITYBATCHSIZE | The batch size for traceability API calls. Controls how many records are fetched per page. Default is 500. Range: 1-1000. | -| SENSEDIA_TIMEOFFSET | Time offset to subtract from current time when querying for traceability data to account for processing delays. Default is 10m. Range: 1m-60m. | +| Variable name | Description | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| SENSEDIA_BASEURL | The base URL of the Sensedia platform API Manager (e.g., `https://platform-production.sensedia.com`). | +| SENSEDIA_AUTH_CLIENTID | The Client ID for OAuth authentication with Sensedia. Either use this with CLIENTSECRET or use TOKEN. | +| SENSEDIA_AUTH_CLIENTSECRET | The Client Secret for OAuth authentication with Sensedia. Either use this with CLIENTID or use TOKEN. | +| SENSEDIA_AUTH_TOKEN | The static authentication token for Sensedia. Either use this or use CLIENTID with CLIENTSECRET. | +| SENSEDIA_ENVIRONMENTS | Comma-separated list of Sensedia environments to monitor for traceability (e.g., `Production,Development`). | +| SENSEDIA_POLLINTERVAL | The interval at which to poll Sensedia for transaction data (ns - default, us, ms, s, m, h). Default is 5m, minimum is 5m. | +| SENSEDIA_SENDALLTRAFFIC | When set to true, the agent will send all API traffic to be reported. When set to false, only discovered APIs will be reported. Default is false. | +| SENSEDIA_TRACEABILITYBATCHSIZE | The batch size for traceability API calls. Controls how many records are fetched per page. Default is 500. Range: 1-1000. | +| SENSEDIA_TIMEOFFSET | Time offset to subtract from current time when querying for traceability data to account for processing delays. Default is 10m. Range: 1m-60m. | ### Create your Traceability Agent environment file @@ -123,8 +131,14 @@ For example: ```yaml # Sensedia connectivity SENSEDIA_BASEURL= + +# Option 1: OAuth authentication SENSEDIA_AUTH_CLIENTID= SENSEDIA_AUTH_CLIENTSECRET= + +# Option 2: Static token authentication - use instead of Option 1 +# SENSEDIA_AUTH_TOKEN= + SENSEDIA_ENVIRONMENTS=Production,Development SENSEDIA_POLLINTERVAL=5m SENSEDIA_TRACEABILITYBATCHSIZE=500 @@ -274,8 +288,9 @@ The installation procedure will prompt for the following: * **Service account**: can be an existing service account created in the Amplify platform. The installation procedure creates a service account that can be used only with Amplify Engage. If you choose an existing service account, be sure you have the appropriate public and private keys, as they will be required for the agent to connect to the Amplify platform. If you choose to create one, the generated private and public keys will be provided. 3. Sensedia Configuration Setup options: * **Platform URL**: Sensedia platform base URL (e.g., `https://platform-production.sensedia.com`) - * **Client ID**: Client ID for Sensedia API authentication - * **Client Secret**: Client Secret for Sensedia API authentication + * **Authentication Method**: Choose between OAuth or Static Token + * **OAuth**: Client ID and Client Secret + * **Static Token**: Authentication token * **Environments**: Comma-separated list of environment names (e.g., `Producao,Development`) * **Discovery Identity APIs**: Whether to discover identity APIs (true/false) * **Discovery Private APIs**: Whether to discover private APIs (true/false)