Integration
There are several ways how some other application or project can integrate with MIKE Cloud Platform. From a completely public website to a fully integrated secured applications. Here we describe the most straightforward and recommended integration options.
Once you understand how to setup your app so it can communicate with the Platform, we recommend you read our SDK how to guides to get a quick overview of some of the Platform's functionality. The rest of this documentation describes concepts and functionality in detail.
Throughout this documentation, words Site and Tenant are sometimes used interchangeably, but they mean the same thing in the MIKE Cloud Platform.
Full integration with multi site application¶
The MIKE Cloud platform is designed as a multi tenant API, so your application can also be a multi tenant application.
- First of all, read this whole sections and then Apply for registration of your application.
- The recommended integration pattern is to use Backend for Frontend (BFF) pattern.
- Start building your UI and BFF and setup deployment pipelines. Your UI and BFF should be hosted on the Platform cluster, but any other resources you need should be deployed to your Azure Subscription. You will be required to support at least two environments, ideally all three. A fast way to get going is to use DHI.Platform.BFF template or a demo application.
- If you don't want your app to be Generally Enabled, setup Application License with Business Systems and make sure the license is added to the sites that should be allowed to use your application. This could even be a single site which would turn your application into a single tenant application. For single tenant applications, create a dedicated site once you Apply for registration of your application. The site owner (e.g. you) can that invite other users to the site in Cloud Admin.
- Assign Platform scopes that your application needs and optionally also define and assign scopes specific for your application.
- And that's all there is to it. Further steps really depend on how exactly you want your application to work. Consult specific needs with Platform team well ahead of time.
Diagram of the recommended integration with BFF pattern:
If you cannot use one of our SDKs or templates, please read Authentication details
Authentication only¶
You can use platform’s user authentication even though you will not work with the platform further. The benefit of this approach is that you will not need to implement your own active directory authentication process.
Authentication only is very similar to the full integration but all the token verification is up to your application and your application needs to check that the Bearer token contains correct TenantId claim.
In practice, you need to Apply for registration of your application and use the obtained client id and client secret in the authentication mechanism of your application. This way, you will get an Authentication token representing the user's identity (i.e. authentication), but any authorization and validation is the responsibility of your application.
Here is a Postman example illustrating how to get access token in dev and dev0 environments:
You will need some Open ID Connect client library in order to configure this authentication in you application. For further details, refer to how configure OAuth2 authentication in react or how configure Oauth2 authentication a C# desktop app.
Using Open API key or Device code flow¶
Using Open API key is generally not recommended because it is not possible to track user activity. How to generate the Open API key can be found here and how to use the key in the request can be found here.
An alternative to the Open API key it using the Device code flow supported by Platform's IAM service. This also does not allow us to tract user activity, but it is a more secure and modern option than the Open API key.
Recommended setup with device code flow authentication: