Authenticate an API translation integration

After you create an API integration method, you must ensure that Inspire has all the information necessary to pull information from a GlobalLink Enterprise (formerly known as Project Director) submission. First you must Authenticate an Active integration method. This action allows Inspire to contact GlobalLink Enterprise using the OAuth information you supply. Authentication verifies Inspire's identity, and authorization determines Inspire's access rights to GlobalLink Enterprise information. If Inspire can't authenticate successfully with GlobalLink Enterprise, you see an error. If Inspire can authenticate successfully with GlobalLink Enterprise, you can see the configuration and can edit it if necessary.

Inspire uses OAuth, an open-standard authorization protocol that provides applications with secure designated access. Authentication verifies Inspire's identity, and authorization determines Inspire's access rights to GlobalLink Enterprise information.

  • OAuth doesn’t share password data but instead uses authorization tokens to prove an identity between GlobalLink Enterprise and service providers such as Inspire.
  • OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials.

To authenticate a translation integration method:

  1. From the Administration_TopMenuOpt Administration menu, select Translation Settings, and then Translation integration management.
  2. On the Translation integration management tab, double click the integration method you want to authenticate.
  3. On the Edit Translation Integration screen, if the Active checkbox isn't selected:
    1. Select the Active checkbox.
    2. Click Update.
    3. On the Translation integration management tab, double click the integration method you want to authenticate.
  4. Click Authenticate.
  5. On the Authentication screen, do the following:
    1. To identify the location of your GlobalLink Enterprise resource, in Resource Uri, enter the location as a URL. For example, https://mycompany_pd1.com/PD.
    2. To identify the location of your resource that processes OAuth requests, in Authority Uri, enter the your OAuth server details. For example, https://mycompany_pd1.com/PD/oauth/token.
    3. To identify the account Inspire should use to log in to your GlobalLink Enterprise resource, in User Name, enter a valid account user name. For example, admin.projectdirector.
    4. To identify the account's password that Inspire should use to log in to your GlobalLink Enterprise resource, enter the Password for the User Name from the previous step.
    5. To permit OAuth to give Inspire an access token, enter the Client Id and the Client Secret that matches it.
      The secret should be known only to the OAuth application (GlobalLink Enterprise) and the authorization server. The client secret is generated during the process of application registration.
    6. In Authentication Method, choose one of the following options:
      • ClientCredentials—use this option when applications are requesting an access token to their own resources, not on behalf of a user. In this case OAuth authenticates and authorizes the Inspire application rather than a user.
      • ResourceOwnerPassword—use this option only with highly-trusted applications. This method requests that you provide user credentials (username and password). These credentials are sent to the backend and can be stored for future use before being exchanged for an Access Token. Therefore it is imperative that the application is absolutely trusted with this information.
      • Delegation—use this option if you want to assign a subset of your authorization to another party, without requiring either party to disclose its credentials to the other.
    7. After getting an access token, Inspire can use it in an Authentication header to make protected resource requests. If you want to allow this, select Include Basic Authentication Header.
    8. To specify the way Inspire gets an access token, in Grant Type, select one of the following:
      • Implicit—use this option if you want Inspire to request and obtain tokens through the front browser channel, without the need for secrets or extra backend calls.
      • Credentials—use this option if you want OAuth to authenticate and authorize the Inspire application rather than a user.
      • Delegation—use this option to assign a subset of your authorization to another party, without requiring either party to disclose its credentials to the other.
      • Hybrid—use this option to force Inspire to use a combination of the implicit and authorization code flow. In hybrid flow the identity token is transmitted via the browser channel and contains the signed protocol response along with signatures for other artifacts like the authorization code. After successful validation of the response, the back-channel is used to retrieve the access and refresh token.
      • Password—use this option if you want to let Inspire request tokens on behalf of a user by sending the user’s name and password to the token endpoint.
    9. The Target Resource Scopes, is not in use at this time so you can leave it empty.
  6. On the Edit Translation Integration screen, click Update.
    Results:
    • The Edit Configuration button is no longer greyed out.
    • Below Edit Configuration, you see the configuration details.