We have a custom application that does not support a REST interface, but it provided APIs to get the accounts and manage the accounts.
Is it possible we can add another service layer which will provide a REST API to Saviynt, and the service layer will use the existing API of the custom application to manage the accounts reconciliation and provisioning?
If it is possible, is there any best practice available?
We know we could develop a custom connector to connect to the custom application directly, but we would like to use the REST interface.
Hi Lynn, I would assume if the target is not supporting REST, it might be SOAP.
And, you can convert SOAP to REST using AWS API Gateway or any other. Use Lambda functions for transformations and authentication.
In one project I previously used CA API Gateway, also known as Layer 7 at that time, to convert APIs to REST and used the new URL (the API gateway one) as my recon / provisioning URL/target.
A custom connector is an option too; I haven't used that yet.
Having a disconnected app and then a custom jar in Saviynt to pick, provision and update status back in Saviynt might also be an option.
Thank you so much for the information.
In your project using the CA API gateway, there will be two authentications:
1. When the end user accesses the CA API gateway.
2. When the CA API gateway accesses the legacy API.
Do you store the connection information of the legacy API in the CA API gateway, or does the information need to be passed from the end user?
I created a local identity user and password in the gateway that is used for gateway authentication. And for fetching data from the actual target and doing the XSLT transformations, I used endpoint/target authentication.
As a consumer (which is Saviynt in this case), don't use the endpoint auth. That is all in the gateway configs. In Saviynt or Postman, it is the gateway user and password.
To precisely answer your question "Do you store the connection information of the legacy API in CA API gateway or the information need to be passed from end user?"
Yes, I stored it in the API gateway. The legacy API auth is not passed by the end user anywhere else.
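
The credential separation described in this thread, sketched as an added example (not from the original posts, and not CA API Gateway, AWS or Saviynt code): the consumer authenticates with a gateway-local identity, and only the gateway holds and uses the legacy API credential. The names `handle`, `legacy_list_accounts`, the `/accounts` path, the row format and all credential values are assumptions constructed for illustration.

```python
import base64
import hmac
import json

# Constructed sample values; a real gateway loads both from its own secret store.
GATEWAY_USER, GATEWAY_PASS = "saviynt-svc", "gateway-pass"       # gateway-local identity
LEGACY_CRED = ("legacy-admin", "legacy-pass")                    # held only by the gateway

def legacy_list_accounts(cred):
    """Stand-in for the custom application's existing account API (hypothetical)."""
    if cred != LEGACY_CRED:
        raise PermissionError("legacy API rejected credential")
    return [("1001", "alice", "A"), ("1002", "bob", "D")]        # constructed rows

def consumer_authenticated(auth_header):
    """Validate HTTP Basic credentials against the gateway-local identity only."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode("utf-8")
    except ValueError:               # bad base64 or non-UTF-8 bytes
        return False
    user, _, password = decoded.partition(":")
    # Constant-time comparisons; evaluate both so timing does not reveal which failed.
    user_ok = hmac.compare_digest(user.encode(), GATEWAY_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), GATEWAY_PASS.encode())
    return user_ok and pass_ok

def handle(method, path, headers, legacy_api=legacy_list_accounts):
    """REST facade for the recon call: returns (status_code, json_body)."""
    if not consumer_authenticated(headers.get("Authorization")):
        return 401, json.dumps({"error": "unauthorized"})
    if (method, path) != ("GET", "/accounts"):
        return 404, json.dumps({"error": "not found"})
    # The backend call uses the gateway-held credential. Nothing from the
    # consumer's headers is forwarded to the legacy API.
    rows = legacy_api(LEGACY_CRED)
    accounts = [{"id": i, "name": n, "status": "active" if s == "A" else "disabled"}
                for i, n, s in rows]
    return 200, json.dumps({"accounts": accounts})

def basic(user, password):
    """Build a Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    print(handle("GET", "/accounts", {"Authorization": basic("saviynt-svc", "gateway-pass")}))
    print(handle("GET", "/accounts", {"Authorization": basic("legacy-admin", "legacy-pass")}))
```

The second call returns 401: the legacy credential is not a valid consumer credential at the gateway, so knowing it gives no access through the REST layer, and the consumer configuration never needs to contain it.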