Connections > Connection properties > REST V2 connection properties
  

REST V2 connection properties

When you set up a REST V2 connection, you must configure the connection properties.
The following table describes the REST V2 connection properties for a standard authentication type connection:
Connection property
Description
Runtime Environment
Name of the runtime environment where you want to run the tasks.
Specify a Secure Agent, Hosted Agent, or serverless runtime environment.
Authentication Type
If required, select the authentication method that the connector must use to login to the web service application. Default is none.
Auth User ID
The user name to login to the web service application when you select the Basic authentication.
Digest authentication is not applicable.
Auth Password
The password associated with the user name when you select the Basic authentication.
Digest authentication is not applicable.
OAuth Consumer Key
The client key associated with the web service application.
Required only for OAuth authentication type.
OAuth Consumer Secret
The client password to connect to the web service application.
Required only for OAuth authentication type.
OAuth Token
The access token to connect to the web service application.
Required only for OAuth authentication type.
OAuth Token Secret
The password associated with the OAuth token.
Required only for OAuth authentication type.
Swagger File Path
The absolute path along with the file name or the hosted URL of the swagger specification file. The hosted URL must return the content of the file without prompting for further authentication and redirection.
If you provide the absolute path of the swagger specification file, the swagger specification file must be located on the machine that hosts the Secure Agent. The user must have the read permission for the folder and the specification file. Example:
C:\swagger\sampleSwagger.json
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Name
The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Proxy Type
Type of proxy. You can select one of the following options:
  • - No Proxy. Bypasses the proxy server configured at the agent or the connection level.
  • - Platform Proxy. Proxy configured at the agent level is considered.
  • - Custom Proxy. Proxy configured at the connection level is considered.
Proxy Configuration
The proxy configuration format: <host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the Secure Agent uses when connecting to a REST endpoint. You can specify the following arguments, each separated by a semicolon (;):
ConnectionTimeout. The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
Note: If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
connectiondelaytime. The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
retryattempts. Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
qualifiedSchema. Specifies if the schema selected is qualified or unqualified. Default is false.
Example:
connectiondelaytime:10000;retryattempts:5

OAuth 2.0 client credentials authentication

The following table describes the REST V2 connection properties for an OAuth 2.0 - Client Credentials authentication type connection:
Connection property
Description
Access Token URL
Access token URL configured in your application.
Client ID
Client ID of your application.
Client Secret
Client secret of your application.
Scope
Specifies access control if the API endpoint has defined custom scopes. Enter space separated scope attributes. For example:
root_readonly root_readwrite manage_app_users
Access Token Parameters
Additional parameters to use with the access token URL. Parameters must be defined in the JSON format. For example:
[{"Name":"resource","Value":"https://<serverName>"}]
Client Authentication
Select an option to send Client ID and Client Secret for authorization either in the request body or in the request header. Default is Send Client Credentials in Body.
Generate Access Token
Generates access token based on the information provided in the above fields.
Access Token
Enter the access token value or click Generate Access Token to populate the access token value.
To pass the generate access token call through a proxy server, you must configure an unauthenticated proxy server at the Secure Agent level. The REST V2 connection-level proxy configuration does not apply to the generate access token call.
Swagger File Path
The absolute path along with the file name or the hosted URL of the swagger specification file. The hosted URL must return the content of the file without prompting for further authentication and redirection.
If you provide the absolute path of the swagger specification file, the swagger specification file must be located on the machine that hosts the Secure Agent. The user must have the read permission for the folder and the specification file. Example:
C:\swagger\sampleSwagger.json
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Name
The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Proxy Type
Type of proxy. You can select one of the following options:
  • - No Proxy: Bypasses the proxy server configured at the agent or the connection level.
  • - Platform Proxy: Proxy configured at the agent level is considered.
  • - Custom Proxy: Proxy configured at the connection level is considered.
Proxy Configuration
The proxy configuration format: <host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the Secure Agent uses when connecting to a REST endpoint. You can specify the following arguments, each separated by a semicolon (;):
ConnectionTimeout: The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
Note: If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
connectiondelaytime: The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
retryattempts: Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
qualifiedSchema: Specifies if the schema selected is qualified or unqualified. Default is false.
Example:
connectiondelaytime:10000;retryattempts:5

OAuth 2.0 authorization code authentication

To use authorization code authentication, you must first register the following Informatica redirect URL in your application:
https://<Informatica cloud hosting facility for your organization>/ma/proxy/oauthcallback
If the access token expires and the error codes 400, 401,and 403 are returned in the response, Informatica redirect URL, which is outside the customer firewall, tries to connect to the endpoint and retrieve a new access token.
The following table describes the REST V2 connection properties for an OAuth 2.0 - Authorization Code authentication type connection:
Connection property
Description
Authorization Token URL
Authorization server URL configured in your application.
Access Token URL
Access token URL configured in your application.
Client ID
Client ID of your application.
Client Secret
Client secret of your application.
Scope
Specifies access control if the API endpoint has defined custom scopes. Enter space separated scope attributes. For example:
root_readonly root_readwrite manage_app_users
Access Token Parameters
Additional parameters to use with the access token URL. Parameters must be defined in the JSON format. For example:
[{"Name":"resource","Value":"https://<serverName>"}]
Authorization Code Parameters
Additional parameters to use with the authorization token URL. Parameters must be defined in the JSON format. For example:
[{"Name":"max_age","Value":60},{"Name":"state","Value":"test"}]
Client Authentication
Select an option to send Client ID and Client Secret for authorization either in the request body or in the request header. Default is Send Client Credentials in Body.
Generate Access Token
Generates access token and refresh token based on the information provided in the above fields.
Access Token
Enter the access token value or click Generate Access Token to populate the access token value.
To pass the generate access token call through a proxy server, you must configure an unauthenticated proxy server at the Secure Agent level. The REST V2 connection-level proxy configuration does not apply to the generate access token call.
Refresh Token
Enter the refresh token value or click Generate Access Token to populate the refresh token value. If the access token is not valid or expires, the Secure Agent fetches a new access token with the help of refresh token.
If the refresh token expires, you must either provide a valid refresh token or regenerate a new refresh token by clicking Generate Access Token.
Swagger File Path
The absolute path along with the file name or the hosted URL of the swagger specification file. The hosted URL must return the content of the file without prompting for further authentication and redirection.
If you provide the absolute path of the swagger specification file, the swagger specification file must be located on the machine that hosts the Secure Agent. The user must have the read permission for the folder and the specification file. Example:
C:\swagger\sampleSwagger.json
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Name
The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Proxy Type
Type of proxy. You can select one of the following options:
  • - No Proxy: Bypasses the proxy server configured at the agent or the connection level.
  • - Platform Proxy: Proxy configured at the agent level is considered.
  • - Custom Proxy: Proxy configured at the connection level is considered.
Proxy Configuration
The proxy configuration format: <host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the Secure Agent uses when connecting to a REST endpoint. You can specify the following arguments, each separated by a semicolon (;):
ConnectionTimeout: The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
Note: If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
connectiondelaytime: The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
retryattempts: Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
qualifiedSchema: Specifies if the schema selected is qualified or unqualified. Default is false.
Example:
connectiondelaytime:10000;retryattempts:5

JWT bearer token authentication

When you set up a REST V2 connection, you must configure the connection properties.
The following table describes the REST V2 connection properties when you use JWT bearer token authentication:
Connection property
Description
JWT Header
JWT header in JSON format.
Sample:
{
"alg":"RS256",
"kid":"xxyyzz"
}
You can configure HS256 and RS256 algorithms.
JWT Payload
JWT payload in JSON format.
Sample:
{
"iss":"abc",
"sub":"678",
"aud":"https://api.box.com/oauth2/token",
"box_sub_type":"enterprise",
"exp":"120",
"jti":"3ee9364e"
}
The expiry time represented as exp is the relative time in seconds. The expiry time is calculated in the UTC format from the token issuer time (iat).
When iat is defined in the payload and the expiry time is reached, mappings and Generate Access Token will fail. To generate a new access token, you must provide a valid iat in the payload.
If iat is not defined in the payload, the expiry time is calculated from the current timestamp.
To pass the expiry time as a string value, enclose the value with double quotes. For example:
"exp":"120",
To pass the expiry time as an integer value, do not enclose the value with double quotes. For example:
"exp":120,
Authorization Server
Access token URL configured in your application.
Authorization Advanced Properties
Additional parameters to use with the access token URL. Parameters must be defined in the JSON format. For example:
[\{"Name":"client_id","Value":"abc"},\{"Name":"client_secret","Value":"abc"}]
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Path
Mandatory. The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
Mandatory. The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Private Key Alias
Mandatory. Alias name of the private key used to sign the JWT payload.
Private Key Password
Mandatory. The password for the keystore file required for secure communication. The private key password must be same as the keystore password.
Access Token
Enter the access token value or click Generate Access Token to populate the access token value.
To pass the generate access token call through a proxy server, you must configure an unauthenticated proxy server at the Secure Agent level. The REST V2 connection-level proxy configuration does not apply to the generate access token call.
Swagger File Path
The absolute path along with the file name or the hosted URL of the swagger specification file. The hosted URL must return the content of the file without prompting for further authentication and redirection.
If you provide the absolute path of the swagger specification file, the swagger specification file must be located on the machine that hosts the Secure Agent. The user must have the read permission for the folder and the specification file. Example:
C:\swagger\sampleSwagger.json
Proxy Type
Type of proxy. You can select one of the following options:
  • - No Proxy: Bypasses the proxy server configured at the agent or the connection level.
  • - Platform Proxy: Proxy configured at the agent level is considered.
  • - Custom Proxy: Proxy configured at the connection level is considered.
Proxy Configuration
The proxy configuration format: <host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the Secure Agent uses when connecting to a REST endpoint. You can specify the following arguments, each separated by a semicolon (;):
ConnectionTimeout: The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
Note: If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
connectiondelaytime: The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
retryattempts: Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
qualifiedSchema: Specifies if the schema selected is qualified or unqualified. Default is false.
Example:
connectiondelaytime:10000;retryattempts:5
Important: The HS256 algorithm support in JWT Header is available for preview. Preview functionality is supported for evaluation purposes but is unwarranted and is not production-ready. Informatica recommends that you use in non-production environments only. Informatica intends to include the preview functionality in an upcoming release for production use, but might choose not to in accordance with changing market or technical circumstances. For more information, contact Informatica Global Customer Support. To use the functionality, your organization must have the appropriate licenses.

Rules and guidelines for REST V2 connections

The following verifications take place when you test a connection:
The following table lists the results for various proxy settings use cases at run time:
System Proxy
REST V2 Connection Attribute
Result
No Proxy
Platform Proxy
Custom Proxy
No
Yes
No
No
Proxy is not considered.
No
No
Yes
No
Proxy is not considered.
No
No
No
Yes
Custom proxy is considered.
Yes
Yes
No
No
Proxy is not considered.
Yes
No
Yes
No
Platform proxy is considered.
Yes
No
No
Yes
Custom proxy is considered.