Deploying Account Management API Service
note
Account Management API is now deprecated and we recommend that you use Account Management functionality built into Elastic Path Commerce 8.2 and later.
Pre-requisites
- Ensure that all requirements described in the Requirements section are met.
- Ensure that you have the URLs for the Account Management user interface, the Account Management API, and the identity provider.
- Ensure that your identity provider is configured correctly and:
- The Client ID and Client Secret values are available.
- The Admin Studio public URL is listed as a valid redirect URI in the identity provider if you use Admin Studio. For more information, see the
redirect_uri
parameter in OpenID Connect 1.0 -- Section 3.1.2.1.
- Ensure that you have access to the
account-management-2.3.x.zip
file in the Elastic Path Public Nexus repository. - Ensure that the MySQL compatible RDBMS service is provisioned, the schema is initialized, and the username, password, and other connectivity details are available.
Procedure
- Extract the files in the
account-management-2.3.x.zip
. Ensure that all contents including theaccount-management-api
folder are extracted. This folder contains the code to build the Docker image. - On your computer, build the Docker image using
account-management-api/Dockerfile
. - Push the Docker image to Amazon ECR (Elastic Container Registry).
- Deploy the Docker image in Amazon ECS (Elastic Container Service) with appropriate settings. For more information about the settings, see the Docker Image Environment Variables section.
Docker image environment variables
Parameter | Value |
---|---|
API_DB_USER | The username of the administrator account in the MySQL Account Management schema. |
API_DB_PASSWORD | The password of the administrator account in the MySQL Account Management schema. |
API_DB_CONNECTION_URL | jdbc:mysql//(MySQL Server IP/DNS Name):(MySQL Server Port)/(MySQL Account Management Schema)?characterEncoding=UTF-8 |
API_FELIX_WEBCONSOLE_USERNAME | The username of the administrator account for the Felix OSGi Web Console. |
API_FELIX_WEBCONSOLE_PASSWORD | The password of the administrator account for the Felix OSGi Web Console. |
AM_OIDC_DISCOVERY_URL | A URL that points to an OpenID Provider Configuration Document as defined in the OpenID Connect Discovery 1.0 standard -- Section 4. This URL ends with /.well-known/openid-configuration . |
AM_OIDC_CLIENT_ID | The OAuth 2.0 client identifier that must be used when making OpenID Connect 1.0 -- section 3.1.2.1. |
AM_OIDC_CLIENT_SECRET | The OAuth 2.0 client secret that is used as part of a client_secret_basic request OpenID Connect -- Section 9. |
AM_OIDC_ID_TOKEN_SCOPE | A space separated list of additional scopes that clients must request when authenticating against the identity provider. The primary use of this parameter is to set additional scopes that are required so that Account Management can determine the group membership of users. For example when using Okta, this value should be groups . |
AM_OIDC_ID_TOKEN_GROUP_KEY | The key to inspect in the UserInfo endpoint to determine whether this user is an associate or seller administrator. |
AM_OIDC_ID_TOKEN_ASSOCIATE_GROUP_VALUE | The value that exists in the UserInfo endpoint that indicates that the user is an associate. |
AM_OIDC_ID_TOKEN_SELLER_USER_GROUP_VALUE | The value that exists in the UserInfo endpoint that indicates that the user is a seller administrator. |
AM_AUTH_JWT_PRIVATE_KEY | The JWT private key. For more information, see the Requirements section. |
AM_AUTH_JWT_PUBLIC_KEY | The JWT public key shared with Elastic Path Commerce. For more information, see the Requirements section. |
AM_AUTH_TOKEN_LIFETIME_SECONDS | Specifies how long the authentication tokens issued to use the Account Management API are valid, in seconds. The recommended value is 3600. |
Validating API Service Deployment
- In a browser, navigate to
https://(Account Management API URL)/studio
. - Open the Authentication tab and click Authenticate.
- Log in to the identity provider with the seller administrator credentials. The system redirects you to Account Management Studio.
- In the right pane, click Entry Points.
- In the Server Defaults field, click associates.
The system displays a successful Helix response consisting of a pagination element and
results: 0
, indicating that:- The Account Management API setup is complete.
- The identity provider and Account Management API integration is successful.