Cancel
Showing results for 
Search instead for 
Did you mean: 

Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Creator
Creator

Hey
I have a difficult time figuring out how I can call a backend service that is running in Cloud Foundry from the outside. Let's say I have created a backend service that takes a request from a service outside the scope of MindSphere, is this possible? Is there any way in Cloud Foundry to make an open endpoint to an application?

 

Right now we are working on a project where we use sensors from Disruptive technologies to stream live information (sensor data) to the application. The application uses Server Send Event to listening for stream events using the DT (Disruptive technologies) stream API.

 

To get those sensor values into MindSphere time series we have created a middleware in Azure that handles this connection between DT and MindSphere time series.

But we really want to host this backend service (middleware) in Cloud Foundry and use the Data connectors in DT, because it is more reliable than HTTP streams.

6 REPLIES 6

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Legend
Legend
Unless I'm not understanding your use case correctly, this would be server-to-server communication to a backend that you would deploy in cloudfoundry, requests coming from another one residing outside. That is perfectly possible and the use case of the technical user credentials:
https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html

You'd just use your client_credentials from the external server to the internal mindsphere APIs or your own backend in cloudfoundry.

I'm not sure what these "Data connectors in DT" are do, are those using an http rest api, websockets, ...?

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Creator
Creator

Thanks for the quick response Smiley Happy


Yes, in this case, it is a server-to-server (could also be client-to-server) communication. The Data connectors will process a PUSH request that triggers the server URL (a function on the server) each time one of the sensors changes state or values.

 

Ok, so I had a bit of time to test this again using POSTMAN, but still no luck.

 

Here are the steps I did:

 

1. Fist I used my Technical user to require an access_token
2. Then i copied MindSphere application URL https://{tenantName}-{webApp}-{provider}.eu1.mindsphere.io/api(controller)/function1 into POST
3. And then I copied the access_token into the header as a Bearer Authentication.
4. As a result, I get a httpCodeStatus 200 with a message saying: Since your browser does not support JavaScript, you must press the Continue button once to proceed.

 

Calling a function(ex. function1) on the server works fine when I'm logged into MindSphere from the browser.

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Legend
Legend

I'm assuming that you're following the relevant documentation:

https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html

 

I haven't seen the error you report, so I'm assuming that in some step you're doing something wrong, maybe incorrectly setting the bearer token, incorrectly setting your application url, or not properly exposing the paths of your app in the developer cockpit. I'd try on your end the python example in the documentation (which instead of connecting to your app api tries to access one of the core mdsp apis).

 

You also have some more examples in the devops-demo project (check below how we use a script to access the mindsphere notification API from gitlab):

https://gitlab.com/mindsphere/devops-demo/blob/master/.gitlab-ci.yml#L110

 

Regarding client-to-server access, please beware that client_credentials are administrative credentials and hence it's not a good idea to push them to clients. Their use case is either cli administrative tools or server to server communication.

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Creator
Creator

Thank again for your quick reply Smiley Happy

 

Yes I have followed the documentation, and I have no problem accessing MindSphere API's using POSTMAN with my Technical user credentials, this is working fine.

Also configuring the application to get information from the outside is also working fine as long as you specify it in the content security policy header.

But my problem is accessing my application that works as a backend REST API service from the outside of MindSphere.

 

Okay, let's say I am creating a REST API using .NET Core or NodeJS.

I deploy this backend service or REST API service that I created to Cloud Foundry.

 

Is it then possible to call this REST API service that I created from the ouside, for example using POSTMAN?

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Legend
Legend
I was pretty sure that you could reach both MindSphere APIs (https://gateway....) and your custom backends (https://{tenantName}-{webApp}...) using the client_credentials. But apparently the documented version *only* works for the core mdsp APIs, I never realized because I had not needed it, but I have just checked and no, it doesn't work for your custom backend apps. Which is really weird.

On top of it, you'd need to review your use case in the long term, because apparently client_credentials are not available in the IoT value plan (yet).

I'll ask the mdsp team and keep you in the loop.
Highlighted

Re: Calling backend service from the outside (Open endpoint to Cloud Foundry applications)

Experimenter
Experimenter

Hello @dlouzan ,

just a quick reply from myself.

I've done a custom api call from my Development Tenant, turns out that this is "not officially supported (yet)", when I tried to deploy my solution on the Operator Tenants, I've contacted the support and yes, they have told me exactly what you've mentioned "only with core mdsp APIs".
However reading the docs, did't you think that it should work everywhere? I mean is there any place where they say "this only works with core apis" ?


Anyway, I was told that on the Q1 of 2020 we would be able to have our custom API calls from our own apps (non-core apps).

 

@evenmun 

If you want that your solution stays on the Development Tenant you can easily do it, just don't forget that, once this is not an official feature, it can be shut down anytime.

I'll explain the steps I've made.

1- You generate your Client Credentials on MindSphere Developer Cockpit


2- With those credentials you will make a POST request to this endpoint : 

https://gateway.eu1.mindsphere.io/api/technicaltokenmanager/v3/oauth/token

You will need to set an HTTP HEADER called "X-SPACE-AUTH-KEY", its content will be "Basic <base64string>" where <base64string> is the result of your "app_credentials_id:app_credentials_secret" converted to base64 string (without ").

E.g:

new Buffer(clientId.concat(':').concat(secret)).toString('base64')


Also you have to set a POST body with the content type application/json, with the following content: 

{ "appName": "yourAppName","appVersion": "appVersion","userTenant": "devTenantName","hostTenant": "devTenantName"}


3 - Once you get your Access Token you can make request to your custom API endpoint:

https://gateway.eu1.mindsphere.io/api/<appName>-<tenantName>/v1/<apiPath>

 where <apiPath> is something like server/api/myendpoint/....

 

Best regards,

Bruno Rodrigues