For each application deployment, you must define how Acoustic Exchange business users register your business solution or product as an endpoint in their Acoustic Exchange account and how Acoustic Exchange authenticates with your operational systems.
Specifying the provisioning method indicates to Acoustic Exchange how it should provision the Acoustic Exchange user accounts of users who register your product or solution as an endpoint in their Acoustic Exchange account. When you specify the provisioning method, you define the following provisioning requirements.
- Specify a provisioning type to indicate how Acoustic Exchange users must submit endpoint registration requests.
- Specify the authentication method that Acoustic Exchange must use when it communicates on behalf of the user with the operational systems that support your product or solution systems.
- Specify if you want Acoustic Exchange to notify you when Acoustic Exchange users subscribe to events that involve endpoints based on your application. This option applies only if you are a publisher or consumer of events.
The Integration Manager changes the provisioning options available to you based on your choice of provisioning type.
Specify the type of authentication that you require for direct connect registration requests and other direct communication with your product or solution.
Acoustic Exchange always includes authentication information for direct connect endpoint registration requests. If you specify Direct connect registration, you must also specify your preferred authentication method. However, Integration Manager does not provide this option if you specify Instructions only registration.
If you request that Acoustic Exchange notify you when Acoustic Exchange users subscribe to events that you either produce or consume, you have the option to require that Acoustic Exchange include authentication information in the header of the notification. This is optional. You must explicitly request additional authentication for subscription notifications. Additional authentication for subscription notifications is available only if you also specify Direct connect endpoint registration.
You can request that Acoustic Exchange add authentication information for all other direct communications with your product, not limited to endpoint registration requests and subscription notifications. This option is available only if you also specify Direct connect endpoint registration.
Acoustic Exchange supports the following authentication methods:
- API Key: You specify a key value when you register for subscription notification. When Acoustic Exchange reports a subscription change in an HTTP call, Acoustic Exchange adds the specified key in the HTTP header. For example, Authorization : Bearer <API key>.
- HTTP Basic: You specify a username and password when you register for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange submits the credentials encoded in the HTTP header in RFC 2617 format. For example, Authorization : Basic <encoded user ID and password>.
- OAuth: You specify a client ID and client secret when you register for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange includes these values in the OAuth parameters that it adds to the header of the HTTP call.
- OAuth with a refresh token only: You specify a client ID and client secret during account provisioning, separately from registration for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange includes a refresh token, but not the client ID or client secret, in the OAuth authorization parameters in the HTTP header.