MindSphere Extract Authentication Guide

MindSphere Extract Authentication Guide


Overview

This is a step-by-step guide to acquiring credentials and authorising the MindSphere Extract connector for use in Matillion ETL.

Important Information

  • The MindSphere Extract connector uses an API token for third-party authentication.
  • The MindSphere account used must be on a MindAccess DevOps Plan with the Outbound Traffic Upgrade to use MindSphere services from outside the MindSphere platform.
  • While connector properties may differ between Cloud Data Warehouses, the authentication process remains the same.

Creating an OAuth Entry in Matillion ETL

  1. Navigate to the organisation's MindSphere Launchpad URL. The MindSphere login screen will appear immediately. Enter valid login credentials to continue. The browser will then open the MindSphere Launchpad. Once logged in, click the company logo in the top left corner of the screen, then copy the Tenant name as this will be required in Authorising for use in Matillion ETL.

    Please Note

    The organisation's MindSphere Launchpad URL should take the form of <hostTenant>.<region>.mindsphere.io – for example company.eu1.mindsphere.io

  2. Next, click Developer Cockpit.

    MindSphere Launchpad

    MindSphere Launchpad

  3. Then, in the top left of the Developer Cockpit window, click + Create new application.

    Developer Cockpit

    Developer Cockpit

  4. Now, on the Create Application page, provide details for the following fields:

    • Type – select the type of application to be created
    • Infrastructure – select Self Hosted
    • Display Name – provide a descriptive name for the application
    • Internal Name – provide a shortened URL-friendly version of the application name
    • Version – provide version code for the application
    • Name – provide a name for at least one component
    • Direct URL – provide a direct URL for the application, then click +

    Please Note

    • Take note of the details entered here as they will be required in Authorising for use in Matillion ETL.
    • If API is selected for the application type, no app credentials will be provided via MindSphere Launchpad and will instead need to be configured via an API.
    Create Application

    Create Application

  5. The Add New Endpoint pop-up window will open. In the Path provide a path for the component and click Add.

    Add New Endpoint

    Add New Endpoint

  6. On returning to the Create Application page, click Save at the top right of the page.

    Save Application

    Save Application

  7. If all details were entered correctly before clicking Save, a green box will appear at the top of the screen stating, "Application created successfully". Next, under Roles, click configure ↗.

    Application created

    Application created

  8. The browser will then redirect to the Authorization Management tab of the Developer Cockpit. In the open App Roles window, click + Create Scope in the Application Scopes panel to add scopes. This step is not required to acquire credentials or authenticate the application.

    App Roles

    App Roles

  9. API roles must then be added. Click + on the MindSphere API Roles panel, then click + Add MindSphere API Role. This will open the MindSphere API Access pop-up window. From here, roles can be added one by one.

    Please Note

    The mdsp:core:shs.tenantAdmin and mdsp:core:tm.tenantAdmin roles are required to allow Matillion ETL third-party access.

    Add MindSphere API Role

    Add MindSphere API Role

  10. Next, on the sidebar on the left, click App Credentials.

  11. Enter the internal name of the newly created application in the Filter field, or locate it in the list below. Then, click the application's internal name to open the list item, and click the relevant application version. This will open the application's credentials window.

  12. Now, in the application's credentials window, click Issue access.

    App Credentials

    App Credentials

  13. The Data Access pop-up window will appear. Select the access level for the application then click Submit.

    Data Access

    Data Access

  14. The Data Access pop-up window will be replaced by the Service Credentials - Token Manager API pop-up window. Copy the codes in the fields under Client ID and Client Secret as they will be required in Authorising for use in Matillion ETL.

    Please Note

    • Make sure to copy the client secret right away as it may appear only once.
    • Additionally, when copying the codes, some browsers may add a space to the end of the code. Watch out for this as it will cause the credentials to fail.
    Copy the Client ID and Client Secret

    Copy the Client ID and Client Secret


Authorising for use with Matillion ETL

  1. If a MindSphere Extract connector is not already on the job canvas, search "MindSphere" using the Components search field, or find the MindSphere Extract connector under OrchestrationLoad/UnloadERP.

    Please Note

    An Orchestration Job must be open on the job canvas within Matillion ETL to ensure the MindSphere Extract connector is searchable within the Components panel.

  2. Then, click and drag the MindSphere Extract connector onto the job canvas.

    Search for MindSphere Extract connector

    Search for MindSphere Extract connector

  3. Click the connector icon on the job canvas to open the Properties panel at the bottom of the screen.

  4. Click ... next to the API Username input.

    Open MindSphere Extract connector properties

    Open MindSphere Extract connector properties

  5. In the the API Username pop-up window, enter the Client ID (copied from the Mindsphere Launchpad earlier).

    Enter API Username

    Enter API Username

  6. Then, click ... next to the API Password input. In the API Password pop-up window, paste the Client Secret (copied from the Mindsphere Launchpad earlier) into the Store in component field and click OK.

    Please Note

    Passwords and codes can also be saved using the Matillion ETL Password Manager. To learn how to do this, please refer to the Manager Passwords article.

    Enter API Password

    Enter API Password

  7. Next, click ... next to the App Name input. In the App Name pop-up window, paste the Internal Name (copied from the Mindsphere Launchpad earlier) into the field provided and click OK. Then, using the same process, paste the Version into the App Version input, paste the Host tenant into the Host Tenant input, and finally, paste the Tenant name into the User Tenant input.

    Enter App Name

    Enter App Name

  8. If all inputs are entered correctly, the connector should be authenticated and the status of the input will be displayed as OK.

    Authorizing Successful

    Authorisation Successful