Add API user and callback URL in Hermod
This article describes how to add a new API user in Hermod to get a unique API key for authentication to the API.
Prerequisites
Installed Hermod, see Deploy Smart ID.
Step-by-step instruction
Edit configuration file for Hermod docker image
To configure Hermod, do the following:
Open Hermod Config file.
Navigate to the top-level directory where docker-compose.yml is located. The configuration file should then be found in a config/ directory.
Example: File structure
CODEmydir/ |-- cacerts |-- certificates |-- config | |-- application.yml -> cod-hermod.yml | `-- cod-hermod.yml `-- docker-compose.ymlOpen the configuration file for editing.
Example: Command to edit configuration file
TEXTvi config/cod-hermod.yml
Application.yml is a link to cod-hermod.yml.
Application.yml is the actual file used by the server.
Edit configuration file for Hermod WAR file
Navigate to and open for editing application.yml.
Default file path: /wbapps/hermod/WEB-INF/classes/application.ymlOpen a browser and go to the following URL, using a unique
<myclientid>:Example: Generate client URL
TEXThttp://localhost:20400/<contextPath>/<uriBase>/util/generateclient/<myclientid> The default value for /<contextPath>/<uriBase> is /hermod/rest
Find port numberAll requests below are triggered from the host itself, thus localhost is used.
The port number (20400 in the example above) might have been assigned a different value. To find out the current port number, do the following:
For docker:
Type the commandCODEdocker ps | grep hermod_hermodFor tomcat:
Check server.xmlCopy the content from the resulting web page and paste it into the
allowed-clientssection of the configuration file.
The username and password must match the username and password for the dedicated user that has been added in Identity Manager, see Integrate Identity Manager with Smart ID Messaging.
Example: Generate client
# X-Api-Key: a2Fyb2xpbjpmZDA0ZGUyZjFlNTU0NGIyOTE1ZDFhNjUwOThjNDkwNjM3YTA3MTVmNWM5ODQzNDU5ZjA1ZGZjMjk4MzQyOTM2
- client-id: <myclientid>
key: fd04de2f1e5544b2915d1a65098c490637a0715f5c9843459f05dfc298342936
# Optional username:password to be supplied for basic authentication in callbacks
callback-basic-auth: username:password
# The callback URL base for this specific client
callback-url: http://localhost:20400/hermod/restX-API-Key, which is the base64-encoded value of client-id:key, is the key you need to configure in clients, such as Smart ID Identity Manager.
Do not add any extra spaces in the configuration file, the .yml file format is space sensitive.
Edit
callback-urlto receive the callbacks from the Hermod API.
Also editusernameandpasswordif the callback URL requires basic authentication.Optional - If visual data is to be fetched from an external content provider:
Configure
content-provider-urlto point to the Content provider API.Also edit user and pwd if the content provider requires basic authentication.
CODE# Optional: username and password to be supplied for basic authentication to the content provider content-provider-basic-auth: user:pwd # Optional: The URL to the content provider API # When Identity Manager is used as content provider, the URL will look like this: https://<IDM-OPERATOR>/ws/hermod/contentprovider/getcontent content-provider-url: https://myprovider/getcontent
Save and exit the configuration file.
Refresh configuration and test API key
Refresh the configuration:
Example: Refresh configuration
TEXTcurl -X POST http://localhost:20400/<contextPath>/refreshTest the new key by sending a request using curl (set
THE-NEW-KEYbelow):
Example: Test API keyCODEcurl -w%{http_code} -X POST \ http://localhost:20400/<contextPath>/<uriBase>/command/ping \ -H 'cache-control: no-cache' \ -H 'content-type: application/json' \ -H 'x-api-key: THE-NEW-KEY' \ -d '{ "commandHeader" : { "to": ["api-test"] } }'Check the response.
If you get a 403 response, you have the wrong API key.
If you get a 404 response, then you have the correct API key. A 404 response means that the user
api-testisn't found, which is expected at this point.