API policy service
15.3.1. Configure the Airlock IAM API policy service

Prerequisites

  • You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.
  • The IAM bundle API Access Management must be licensed.
  • The database schema of Airlock IAM needs to be up to date with IAM 7.6.

Instruction

  • 1.
    Go to:
  • Top-level plugin API Policy Service (create it if necessary)

  • 2.
    Connect existing or create the Technical Client Database Repository plugin. Please refer to the documentation in the Config Editor for details.
  • 3.
    Choose a value for Shared Secret to secure the communication with one or more Airlock Gateway.
  • 4.
    Activate the configuration.
  • The API Policy Service is now ready to be used with the Airlock Gateway.

Configuration hints

Storage Encryption
The Storage Encryption plugin within the Technical Client Database Repository specifies how sensitive data stored in the IAM database is encrypted.
If the configured secret is lost or changed, the data in the database cannot be recovered.
Cipher
The Cipher plugin within the Technical Client Database Repository is only used for backward compatibility with data encrypted with IAM release 7.1. It is automatically set during configuration migration from IAM 7.1 to IAM 7.2.
You do not have to care about this setting if you did not use PSD2 features with IAM 7.1.
If the configured secret is lost or changed, the data in the database cannot be recovered.
Clock synchronization
The Shared Secret is used to secure the connection between the Airlock Gateway and Airlock IAM. It is used to sign requests and involves a timestamp. It is therefore essential that the clocks of the involved components are synchronized.