Thank you to everyone who joined our recent Managing APIs with API Gateway webinar. We had some great questions during the session, so we’ve compiled them here along with answers shared by our presenter.
1. When should someone choose Swagger 2.0 versus OpenAPI 3.0 for an API definition?
At this point, everyone should start using OpenAPI 3.0 or 3.1.
2. If you have the choice, when do you recommend XML versus JSON for integrations, and why?
This is first determined by the endpoint’s capabilities. After that, it often comes down to individual preference. In general, JSON is lighter weight and easier to work with manually.
3. What are safe, practical ways to distribute and store the IONAPI credentials file securely?
There are several secure options, including secure sites, applications, or even an encrypted PDF. OneTimeSecret is a preferred option. When sending credentials to an Infor employee, KochPass is also used.
4. Is there a developer documentation page for core built-in API functions and endpoints?
Yes:
https://developer.infor.com/hub/apis
5. What are the best practices to limit existing APIs? For example, if we want to expose only part of the CPQ API and only a selected branch of functions.
If CPQ does not provide specific endpoint security functionality, an API Flow could be an appropriate way to control and limit what is exposed.
6. What is the simplest method to implement OAuth access for a third-party app?
The simplest approach is to use the Authorized Apps page in API Gateway to create an appropriate credentials file to send to the third party.
7. Is this option available for an Infor on-premises instance, not Infor OS?
InforOS / XI Platform on-premises versions included ION API with many suites. If that is not available, some ERPs may still offer SOAP and/or REST API capabilities.
8. What is the simplest way to execute an external API from LN and get the result?
This depends on LN capabilities. Some ERPs allow custom code to call external endpoints through the gateway.
9. What is the simplest way to execute an external API from ION?
Create a Connection Point API or use a Workflow with an API step, then search for the API call you want to test. The suite must include a Swagger document in order to be searchable.
10. Is it normal for an external call to an API Flow to have a much longer response time than a regular API call, even if the flow only contains one direct API call with a jQuery transformation?
It has been reported that an API Flow may take a minimum of around 90 seconds, even if the actual steps complete more quickly.
11. What is the difference between API Flow and Workflow?
An API Flow is used for publishing an endpoint where you control what is sent and received. A Workflow is typically used for user interactions, such as notifications and tasks.
12. Is there a way to download the API Flow_Create_POD_Orders example?
Please contact Brandon directly:
brandonw@tridexsys.com
13. Should we expect a third-party vendor to provide the Swagger document to create their suite? If not, what is the best way to make it?
Unfortunately, this cannot always be expected. More vendors are starting to provide Swagger documentation, but if needed you can create your own using SwaggerHub:
https://app.swaggerhub.com
AI tools such as ChatGPT, Copilot, and Claude can also help generate the YAML or JSON Swagger document.
14. Is it possible to use an API to retrieve a document from IDM in Base64 format instead of a URL link?
A binary stream call is typically available. To convert that into Base64, you can use the Merge activity in a Data Flow along with a script to encode the binary file.
15. Have you implemented a solution where data is pulled from SyteLine 10 via API and then written into Microsoft SQL Server database tables for ETL, staging, or warehousing?
This specific implementation has not been done in this case, but caution is advised when pulling large volumes of data through APIs. For cloud scenarios, Data Lake is generally the preferred method. ION can also read from and write to SQL databases.
16. Is it possible to limit certain methods from the CPQ API for external applications?
While there is no confirmed CPQ-specific answer here, an API Flow could likely be used to limit access. Request and Response Policies may also help.
17. Have you previously integrated Infor SyteLine 10 (CSI) using APIs to extract operational data and load it into Microsoft SQL Server tables for reporting or downstream systems?
This has not been done in this case, but the same caution applies: large-scale extraction through APIs may not be ideal. Data Lake is the preferred cloud approach, and ION can interact with SQL databases.
18. Can Backend Service apps in API Gateway utilize custom-built Infor API Flows, or are they restricted to only Infor-provided API Suites?
Yes. API Flows can be published to API Gateway, so Backend Service apps can access them alongside other API Suites.
19. If you hook up third-party APIs, does that allow other Infor applications to call them?
Yes. Third-party suites can be added successfully and then called from the ERP.
20. How do you install all these APIs? In our version of Infor Cloud, the list is really minimal.
Available API Suites depend on the applications and services purchased. Some organizations have many more because they have purchased additional tertiary applications through Infor. Each customer only sees the suites available for what they own.
21. Can you show an example of how to integrate with another application?
A good place to start is the Infor ION API SDK GitHub repository:
https://github.com/infor-cloud/ion-api-sdk
22. Is there a limit on API calls with Infor CSD, or a charge based on usage?
Yes. Depending on your Infor OS tier, there are usage limits for various cloud platform services:
https://docs.infor.com/inforosulmt/xx/en-us/usagelimits/default.html
23. I need to build an API for a vendor to query matrix data, but I want to limit which matrices they can access.
This can become a bit more complex and depends on where and how the data is stored. One possible solution is to create an API Flow that explicitly controls what the caller can access.
24. When will BaaS be available in the cloud?
BaaS is available now as an add-on service. Reach out to your Infor representative for details.
25. Should I instead create a new suite and apply the limitations in the API Flows?
Yes. That would align with the earlier recommendation around using API Flows to enforce limitations.
26. Was this session recorded? I’m especially interested in the Postman portion.
Yes — the session was recorded. You can watch it here:
27. Do I need separate APIs for each company in CSD?
No. In CSD, the cono / companyNumber field is required in the JSON request and must be passed with each call.
28. Once we configure the suite with OAuth 2.0 authorization, how should we design the Swagger document to use that configuration?
The Swagger document does not need information related to servers, target endpoints, or OAuth. The Target URL and Target Endpoint Security are controlled within the Suite details in API Gateway.
If you missed the webinar or would like to watch it again, you can view the recording here: YouTube Recording:
