Cumulocity Production
Hi,
Thanks,
Samanyu
Hi,
see Stefans Response to your previous thread here:
The bootstrapuser is just for retrieving the service user for each tenant. I think I made this clear now multiple times. You should not use that in any other API Call of your microservice (even when it is working). The service user permissions are defined in your manifest file.
Hi Korbinian,
That is fine but I need to understand the process here. Can’t we expose the “service user” credentials and use rest API call internally?
Everything is well documented here:
https://cumulocity.com/guides/microservice-sdk/concept/#microservice-bootstrap
What is missing from your perspective? For what purpose do you want to expose the service user credentials outside of the microservice context? Of course you can do that but security-wise it is still a high risk because the service user has all the rights which are defined in the microservice manifest…
Hi Stefan,
When we provide a value to the required interval field, a availability fragment is created for that specific M.O. Now when we are trying to send update the fragment it is not working because of that “header” in SDK. So, if we get the user credentials, we can do a rest API call and send an empty put call which will make sure that the request is coming from a device as you suggested in different post.
Thanks,
Samanyu
Uhhh this is way too complicated for what you wanted to achieve. It’s much easier.
See here for an example using restTemplate:
Just adapt that to the inventory API and you can freely define which headers are sent or not also you get the required credentials via the context service which can be autowired into your service:
@Autowired
private ContextService<MicroserviceCredentials> contextService;
headers.set("Authorization", contextService.getContext().toCumulocityCredentials().getAuthenticationString());
Hi Stefan,
We have implemented what you said and it worked in local but after deployment we are getting errors. It is not able to pull the image and the service is unhealthy. Could you please help how we can resolve this issue? If any extra roles required for this "context service*.
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.