Consume a generated API

To consume data from a generated Aspect API, create or reuse a module in Multitenant Access Control and assign the corresponding role to it.

To your module, assign the role that corresponds to your generated API, for example:
Read movement AoD API
See also: Which role to add to the module?

Prerequisites

You have a successfully generated API that you need credentials for.
See also Generate and deploy an API.
You are (or collaborate with) the tenant manager — with access to your tenant’s Multitenant Access Control portal.

How to proceed

To consume data from the generated API, your technical client needs:

Client credentials to access the API
The corresponding user role to retrieve data from the API

Client credentials

If you do not reuse an existing module, then create a module so that you gain valid client credentials for your technical client.

For a step-by-step guide on how to create a module, refer to: Modules: Grant access for technical clients

→ Result: You have a client ID and client secret for your technical client to access the generated API.

Permissions to consume the API

Assign the corresponding role to your module to give your technical client the permissions to consume data from your generated API.

For a step-by-step guide, refer to: Roles: Give permissions — assign roles

→ Result: Your technical client now has the permissions to consume the generated API.

Which role to add to the module?

At the Multitenant Access Control portal, after your API was generated and deployed, new roles were generated, too.

Each generated Aspect API is represented by a corresponding new role at the Multitenant Access Control portal.

To your module, assign the role that corresponds to and results from your generated API. That way, the client credentials for your technical client will be used to access that API.

How to recognize the roles that belong to generated APIs

Read <Aspect Model name> AoD API

The display name for the resulting new role in Multitenant Access Control consists of the following elements:

Read prefix
Aspect Model name
AoD API suffix

Example

Your API was generated by Aspect on Demand on the basis of the Movement Aspect Model.

Then, the display name for the resulting new role in Multitenant Access Control is:

Read movement AoD API

API versions

A generated API is also represented by a module in Multitenant Access Control.

The module name for a generated API may contain a version indicator. It refers to the major version of the Aspect Model the API is based on.

For example:

An API generated from the Plants Aspect Model 1.2.0 will be considered v1.
An API generated from the Plants Aspect Model 2.3.1 will be considered v2.

Note that two APIs like that, v1 and v2, are two separate Aspect APIs, each represented by a distinct corresponding API module in Multitenant Access Control.

For the associated roles, this means that — while the roles for a v1 and v2 API contain the same privileges and permissions — the roles originate from different API modules (v1 and v2). Therefore, as with all other roles, always assign the corresponding role for the generated API to your module for your technical client.

In short, to access a v1 API, add the v1 role to your module for your technical client.

Example for a v1 role