As a VantageCloud Lake customer, you can now access and use the BaaS APIs using the personal access tokens (PAT).
Currently the PAT is enabled only for the DATABASE_USER role.
Limitations
In the current version, the following are some limitations in using the BaaS APIs with the PAT approach:
- If you are using BYODIP and you update the role mapping, only the customer entries are modified but not the roles in the cloud control plane (CCP).
- You can access the token even after deleting a BYOIDP user.
- The account ID shown in the API response is the internal account ID in the format acc-xxx, which is different from what you see on the user interface.
The following are the high-level steps in creating a PAT and accessing BaaS APIs by a customer.
- Create a key pair (private and public) on the console.
- Create a personal access token (PAT) on the console.
- Create a JWT token (you can either use BaaS created script or follow your own steps).
- Create a payload for JWT token header and payload.
- Create a signature of the header and payload using the private key in step 1.
- Creates a JWT token using header, payload, and signature.
- Access APIs using the JWT token.
For PAT creation and security information, contact Teradata account team.