MindSphere Extract authentication guide
Overview
This is a step-by-step guide to acquiring credentials and authorising the MindSphere Extract connector for use in Matillion ETL.
Important Information
- The MindSphere Extract connector uses an API token for third-party authentication.
- The MindSphere account used must be on a MindAccess DevOps Plan with the Outbound Traffic Upgrade to use MindSphere services from outside the MindSphere platform.
- While connector properties may differ between Cloud Data Warehouses, the authentication process remains the same.
Creating an OAuth Entry in Matillion ETL
-
Navigate to the organisation's MindSphere Launchpad URL. The MindSphere login screen will appear immediately. Enter valid login credentials to continue. The browser will then open the MindSphere Launchpad. Once logged in, click the company logo in the top left corner of the screen, then copy the Tenant name as this will be required in Authorising for use in Matillion ETL.
Please Note
The organisation's MindSphere Launchpad URL should take the form of
<hostTenant>.<region>.mindsphere.io
– for examplecompany.eu1.mindsphere.io
-
Next, click Developer Cockpit.
-
Then, in the top left of the Developer Cockpit window, click + Create new application.
-
Now, on the Create Application page, provide details for the following fields:
- Type – select the type of application to be created
- Infrastructure – select Self Hosted
- Display Name – provide a descriptive name for the application
- Internal Name – provide a shortened URL-friendly version of the application name
- Version – provide version code for the application
- Name – provide a name for at least one component
- Direct URL – provide a direct URL for the application, then click +
Please Note
- Take note of the details entered here as they will be required in Authorising for use in Matillion ETL.
- If API is selected for the application type, no app credentials will be provided via MindSphere Launchpad and will instead need to be configured via an API.
-
The Add New Endpoint pop-up window will open. In the Path provide a path for the component and click Add.
-
On returning to the Create Application page, click Save at the top right of the page.
-
If all details were entered correctly before clicking Save, a green box will appear at the top of the screen stating, "Application created successfully". Next, under Roles, click configure ↗.
-
The browser will then redirect to the Authorization Management tab of the Developer Cockpit. In the open App Roles window, click + Create Scope in the Application Scopes panel to add scopes. This step is not required to acquire credentials or authenticate the application.
-
API roles must then be added. Click + on the MindSphere API Roles panel, then click + Add MindSphere API Role. This will open the MindSphere API Access pop-up window. From here, roles can be added one by one.
Please Note
The
mdsp:core:shs.tenantAdmin
andmdsp:core:tm.tenantAdmin
roles are required to allow Matillion ETL third-party access. -
Next, on the sidebar on the left, click App Credentials.
-
Enter the internal name of the newly created application in the Filter field, or locate it in the list below. Then, click the application's internal name to open the list item, and click the relevant application version. This will open the application's credentials window.
-
Now, in the application's credentials window, click Issue access.
-
The Data Access pop-up window will appear. Select the access level for the application then click Submit.
-
The Data Access pop-up window will be replaced by the Service Credentials - Token Manager API pop-up window. Copy the codes in the fields under Client ID and Client Secret as they will be required in Authorising for use in Matillion ETL.
Please Note
- Make sure to copy the client secret right away as it may appear only once.
- Additionally, when copying the codes, some browsers may add a space to the end of the code. Watch out for this as it will cause the credentials to fail.
Authorising for use with Matillion ETL
-
If a MindSphere Extract connector is not already on the job canvas, search "MindSphere" using the Components search field, or find the MindSphere Extract connector under Orchestration → Load/Unload → ERP.
Please Note
An Orchestration Job must be open on the job canvas within Matillion ETL to ensure the MindSphere Extract connector is searchable within the Components panel.
-
Then, click and drag the MindSphere Extract connector onto the job canvas.
-
Click the connector icon on the job canvas to open the Properties panel at the bottom of the screen.
-
Click ... next to the API Username input.
-
In the the API Username pop-up window, enter the Client ID (copied from the Mindsphere Launchpad earlier).
-
Then, click ... next to the API Password input. In the API Password pop-up window, paste the Client Secret (copied from the Mindsphere Launchpad earlier) into the Store in component field and click OK.
Please Note
Passwords and codes can also be saved using the Matillion ETL Password Manager. To learn how to do this, please refer to the Manager Passwords article.
-
Next, click ... next to the App Name input. In the App Name pop-up window, paste the Internal Name (copied from the Mindsphere Launchpad earlier) into the field provided and click OK. Then, using the same process, paste the Version into the App Version input, paste the Host tenant into the Host Tenant input, and finally, paste the Tenant name into the User Tenant input.
-
If all inputs are entered correctly, the connector should be authenticated and the status of the input will be displayed as OK.