Skip to content

Automate data upload

IBM Food Trust™ APIs are provided for your data integration experts to automate data uploads for your organization. IBM Food Trust APIs are simple REST APIs, so the automated process is similar to manually uploading data. To automate, a registered IBM Food Trust system user for your organization will authenticate and upload conforming XML data.

GDPR notice

Attention: To comply with EU General Data Protection Regulation (GDPR) data privacy requirements, you must ensure that no personal data is uploaded to IBM Food Trust in any free-form text fields or in any comments.

IDs and tokens

IBM Food Trust runs on IBM Cloud, so the service ID that you create for your system user must first be configured for both environments. First, the service ID must authenticate to IBM Cloud using the API key (password) and request a Cloud IAM token. Using the Cloud IAM token, the system user must then authenticate the Service ID to IBM Food Trust and request an IBM Food Trust service token. This service token is then used by the system user to authenticate API calls, until the token expires (after one hour).

Preparing for automation

Complete the following steps to prepare for automating your IBM Food Trust data uploads:

  1. Obtain the product and facility identifiers (GS1 or IBM Food Trust) that your Supply Chain Experts have mapped.
  2. Verify that the product and facility identifiers have been registered with IBM Food Trust.
  3. Identify your critical supply chain events and translate them into their corresponding EPCIS events.
  4. Prepare templates for the EPCIS events, in either XML or Spreadsheet format (Microsoft® Excel™). To facilitate automated workloads for a variety of environments, process flexibility is provided. For example, you could build templates for each EPCIS event for a product, for groups of similar products, or based on the event type. 
  5. Determine which of the optional fields to use for EPCIS events, if any.
  6. Decide how to capture the data for your EPCIS templates. Any data not available from your current environment will need to be generated. For example, EPCIS events require a Universally Unique Identifier (UUID), which in most cases requires new code.

Automation methodology

To automate your EPCIS event uploads to IBM Food Trust, apply the following methodology. Your automation code must:

  1. Generate or collect the required EPCIS event data.
  2. Create and complete the EPCIS event XML file.
  3. Upload the XML file using the Connector API.
  4. Handle errors resulting from the REST API calls. 

To facilitate error handling, your automation code should also:

  1. Error check the HTTP request and response. The HTTP request could fail if there are network connection issues between the HTTP client and IBM Food Trust. The HTTP response from IBM Food Trust could contain an error code if there are problems with the request, such as a 401 authorization error or a 400 invalid XML format error. Your automation code should include specific error handling, such as printing error messages to application logs and retrying the request.
  2. Save a) the assetIdUri from the JSON returned by the Connector API POST request, b) the UUID of the event loaded, and c) details of the event for future reference or debugging.

Event data rules

Apply the following rules when automating your EPCIS event uploads to IBM Food Trust:

  • Event IDs must be unique to be viewed in the IBM Food Trust UI, so using UUIDs is highly recommended.
  • Any duplicate event IDs are replaced in the UI by the most recent upload, but are not overwritten on blockchain.
  • An erroneous event upload cannot be removed from blockchain, but it can be removed from the IBM Food Trust UI by uploading a new event with the identical Event ID.
  • Events cannot be combined into a single event. For example, a commission event is required when a product instance is created, and an aggregation event is required when the product is packed and shipped.
  • For any specific supply chain product scenario, the order in which the events are uploaded has no effect on the sequential ordering of the supply chain events. Only the event timestamps in the XML uploads determine the sequential ordering of supply chain events.

Automation overview

As described in the Automation procedure below, you will complete the following steps to configure a system user for automated data uploads:

  1. Configure an IBM Food Trust system user.
  2. Create an IBM Cloud Service ID and API key (password).
  3. For the IBM Cloud Service ID, create a system ID in the IBM Food Trust UI.
  4. Use the Service ID API key to generate an IBM Cloud Identity and Access Management (Cloud IAM) service token.
  5. Use the Cloud IAM token to generate an IBM Food Trust service token.
  6. To authorize the client to send XML data to IBM Food Trust, specify the IBM Food Trust service token in the authorization header of each API call.
  7. Regenerate IBM Food Trust service tokens as needed; they expire after one hour.

Automation procedure

Complete each step below to configure your system users for automated data upload to IBM Food Trust:  

1. Configure an IBM Food Trust system user

a. Create an IBM Cloud account if you do not already have one.

b. Sign in to IBM Cloud Service IDs with your IBMid.

c. Click the Create button:
Figure 1. Service IDs tab
Automation

Enter a name and a description, and click the Create button.  Figure 2. Create service ID
Automation

d. Copy and Save the "ServiceId" value at the top of the screen (for example, ServiceId-4807b3fb-11d9-4304-b3da-8205a77d6f8a). This value is required to register the Service ID with IBM Food Trust.

Figure 3. API keys tab
Automation

e. Click the API keys tab and then click the Create button.

f. Enter a name and description and click the Create button.

g. Click the Download button and save the value of the API key to a secure location. The API key is the password for the service ID. If the API key is lost it cannot be regenerated, which would require creating a new Service ID. 

Figure 4. Copy and save or download the API key
Automation

Once the API key is securely saved and readable, close the window.

2. Define the Service ID as an IBM Food Trust system ID

The next step is to define the IBM Cloud Service ID as an IBM Food Trust system ID:

a. From the IBM Food Trust UI menu, select the Users module.

b. Select the system IDS tab and click the Create button.

c. Record your Organization ID, which is required for future token generation steps.

Figure 5 system ID Tab
Automation

d. Enter the IBM Cloud Service ID as the IBM Food Trust system ID and click the Add system ID button.

Figure 6. IBM Cloud Service ID entered as IBM Food Trust system ID
Automation

e. Press the Close button. The system ID will be created.

Attention: The examples below use an HTTP client for illustration purposes. For automation, simply integrate these HTTP requests into your user application code.

3. Generate an IBM Cloud IAM service token

Use the system ID API key from the previous step to generate an IBM Cloud Identity and Access Management (Cloud IAM) token:

Use the following HTTP request for the IBM Cloud IAM service token format:

POST https://iam.cloud.ibm.com/identity/token
Header: Content-Type: application/x-www-form-urlencoded
Body: grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=YOUR_API_KEY

Figure 7. Specify the system ID API key
Automation

A successful response is an HTTP 200 message that includes the IBM Cloud IAM service token. You will send this token to IBM Food Trust in exchange for an IBM Food Trust service token.

Figure 8. Response with IBM Cloud IAM service token
Automation

4. Generate an IBM Food Trust service token

Use the Cloud IAM token to generate an IBM Food Trust service token. To request an IBM Food Trust service token, use the following HTTP format:

POST 
https://food.ibm.com/ift/api/identity-proxy/exchange_token/v1/organization/{Org_Id}
Header: Content-Type: application/json
Body: The entire JSON response from the Cloud IAM token in step 2

Figure 9. IBM Cloud IAM token generation (a)
Automation

Figure 10. IBM Cloud IAM token generation (b)
Automation

A successful response is an HTTP 200 message that includes the IBM Food Trust service token. Attention: Only the onboarding_token value is used in subsequent requests, not the entire returned JSON string.

Figure 11. Response with onboarding token
Automation

5. Specify IBM Food Trust service token

To authorize the client to upload XML data to IBM Food Trust, specify the IBM Food Trust service token in the authorization header of each API call.

From the generated IBM Food Trust service token, specify only the onboarding_token value (no double quotation marks) in the authorization header. This Bearer token authorization requires the authorization header format of 'Bearer onboarding_token_value'.

The following example API call demonstrates the required authorization header format:

POST https://food.ibm.com/ift/api/connector/fs/connector/v1/assets
Header: Content-Type: application/xml  
Header: Authorization: Bearer ONBOARDING_token_VALUE
Body: IBM Food Trust conforming XML

Figure 12. Specify service token in authorization header (a) Automation

A successful response is an HTTP 201 message that includes the asset ID.

Figure 13. Specify service token in authorization header (b)

Automation

6. Generate new IBM Food Trust service tokens

Generate new IBM Food Trust service tokens as needed; they expire after one hour. If an expired service token is specified with an API call, an HTTP 401 (Unauthorized) message is returned. New tokens can be generated at any time; the system user does not have to wait until the current token has expired. To maximize the active duration, the current token can be cached and reused.

The following simple approaches can be used to generate a new service token to replace an expired or expiring token:

  • Request a new a token after getting a 401 for the current token. The application must also retry the failed request(s).
  • To avoid authorization failures, set a timer for less than one hour when generating a service token. When the timer elapses, the application can generate a new service token.