I'm not entirely sure this is the right forum for this topic. I've found various examples, and know where to look on IBM.com to find information about APIs, so I can get to the basics.
We have a situation where we have a web-based program. Our warehouse users want to use it to perform inventory transactions on the iSeries. Our inventory transactions have to be carefully regulated because they are considered financial data. My local guru has suggested a method to do this. I'm just now investigating, but wonder if anyone has any suggestions or examples of something similar.
- Software will prompt user for their AS/400 userid and password
- Set up an API in iSeries application for Software to call with a read-only ID. (This will be hard coded in connection string)
- Software will pass userid and password as parameters to a stored procedure.
- The ID here is a "generic" ID that is used by the external software. It already exists and has read-only access to our files
- API will call a program that has *OWNER authority to authenticate userid and password (QSYGETPH)
  - This is needed because you must have *USE to a profile to authenticate to it.
  - If it fails, return failure with message
  - If it passes, continue
- If validated, then check the iSeries application user group for that profile passed in PARM to see if they can do inventory transaction.
  - If not: failed.
  - If yes: continue
- Use (QWTSETP) to switch connection to run under the AS/400 id provided by Software. I'm assuming he means switch to the actual user's ID
- Perform the inventory transaction. (I've got this part handled)
- Use (QSYRLSPH) to release the id
- Return processing status to Software.
Does this sound workable? Does anyone have any ideas to make this better or safer? The entire prospect makes me a little nervous.
Thank you!
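
The profile-swap sequence from the list above, as an added CL example that is not from the original post. It also takes a handle for the job's current profile first (QSYGETPH with *CURRENT and *NOPWD) so the connection can be swapped back before both handles are released; CHKINVGRP, INVTXN, the parameter layout and the status codes are assumptions made for illustration.

```cl
/* Added example, not the poster's code. Compile with USRPRF(*OWNER);  */
/* the owner needs *USE to the user profiles being validated.          */
/* CHKINVGRP and INVTXN are hypothetical application programs.         */
PGM        PARM(&USER &PWD &PWDLEN &STATUS)
  DCL      VAR(&USER)    TYPE(*CHAR) LEN(10)
  DCL      VAR(&PWD)     TYPE(*CHAR) LEN(128)
  DCL      VAR(&PWDLEN)  TYPE(*INT)  LEN(4)  /* bytes used in &PWD     */
  DCL      VAR(&STATUS)  TYPE(*CHAR) LEN(1)  /* returned to the caller */
  DCL      VAR(&CCSID)   TYPE(*INT)  LEN(4) VALUE(0) /* use job CCSID  */
  DCL      VAR(&ERR)     TYPE(*CHAR) LEN(8) +
             VALUE(X'0000000000000000') /* 0 bytes provided: API     */
                                        /* errors arrive as escapes  */
  DCL      VAR(&ORGHDL)  TYPE(*CHAR) LEN(12) /* generic ID's handle    */
  DCL      VAR(&USRHDL)  TYPE(*CHAR) LEN(12) /* end user's handle      */
  DCL      VAR(&ALLOWED) TYPE(*CHAR) LEN(1)

  /* Handle for the profile the job runs under now, to swap back to   */
  CALL     PGM(QSYGETPH) PARM('*CURRENT' '*NOPWD' &ORGHDL)

  /* 1 = authentication failed (bad password, disabled profile, ...)  */
  CHGVAR   VAR(&STATUS) VALUE('1')
  CALL     PGM(QSYGETPH) PARM(&USER &PWD &USRHDL &ERR &PWDLEN &CCSID)
  MONMSG   MSGID(CPF0000) EXEC(GOTO CMDLBL(RLSORG))

  /* 2 = authenticated but not in the inventory user group            */
  CHGVAR   VAR(&STATUS) VALUE('2')
  CALL     PGM(CHKINVGRP) PARM(&USER &ALLOWED)
  IF       COND(&ALLOWED *NE 'Y') THEN(GOTO CMDLBL(RLSUSR))

  /* 3 = swap or transaction failed; 0 = transaction completed        */
  CHGVAR   VAR(&STATUS) VALUE('3')
  CALL     PGM(QWTSETP) PARM(&USRHDL)
  MONMSG   MSGID(CPF0000) EXEC(GOTO CMDLBL(RLSUSR))
  CHGVAR   VAR(&STATUS) VALUE('0')
  CALL     PGM(INVTXN)
  MONMSG   MSGID(CPF0000) EXEC(CHGVAR VAR(&STATUS) VALUE('3'))

  /* Swap back to the generic ID before the connection is reused      */
  CALL     PGM(QWTSETP) PARM(&ORGHDL)

RLSUSR:    CALL PGM(QSYRLSPH) PARM(&USRHDL)
RLSORG:    CALL PGM(QSYRLSPH) PARM(&ORGHDL)
           CHGVAR VAR(&PWD) VALUE(' ') /* clear the caller's password */
ENDPGM
```

Because the program adopts its owner's authority, programs it calls also run with that authority unless they are created with USEADPAUT(*NO), so the transaction program's authority checks are not limited to the swapped-in user alone.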