Setting Security Options
Security options control access to TIBCO Cloud™ Integration - Connect objects, which can be accessed directly by users, or by other software via the API or an Endpoint URL.
From the Security Settings, you can:
- Create Security rules for access to the TIBCO Cloud™ Integration - Connect API and TIBCO Cloud™ Integration - Connect Endpoint URL for Creating or Editing an On Event App.
- Copy or reset the On event app (Event Solution) access token for the Endpoint URL used for inbound messages. This option is only for On event apps. Note: Event Solutions refer to On event apps on this page.
- Copy or reset the cryptographic token for the TIBCO Cloud™ Integration - Connect API.
- Locate and copy your TIBCO Cloud™ Integration - Connect Organization ID, which is required when using the API.
- Locate and copy your TIBCO Cloud™ Integration Subscription Locator. Subscription Locator is required when using the TIBCO Cloud™ Integration API and when granting access to a Marketplace listing to another organization. See Adding a Marketplace Listing to an Organization.
- Determine whether you want to store source data for record errors in the cloud or on the computer where the Connect on-premise agent is installed.
Creating Security Rules
Use security rules to restrict access within an Organization to the TIBCO Cloud™ Integration - Connect API and Endpoint URLs to specified IP addresses or address ranges.
- 54.204.16.213
- 54.83.47.195
- 23.23.251.57
- From the menu, select Environment & Tools.
- Under Environment Settings, select Security Settings.
- From the Security page, select New Rule. A new row displays in the Rule table.
- Select the Rule Name and enter a name for the rule.
- To grant access, mark the check boxes for the following options:
- API Access — Grant access to the TIBCO Cloud™ Integration - Connect API for the selected IP address range. If selected, these IP addresses can access any TIBCO Cloud™ Integration - Connect feature that requires API access including On event apps and Execution History.
- Event Solution Access — Allow the selected IP addresses to access the TIBCO Cloud™ Integration - Connect Endpoint URL. Selecting this check box allows third-party access to the URLs generated in On event Message and Request/Reply flows for inbound messages or events.
- Enter a starting and ending range of public IP addresses that should be granted access.
Note: To allow access to a single IP address, specify that address as both the starting and ending address.
Whitelisting IPv6 addresses is not supported. If you enter the entire IPv4 range of 0.0.0.0 to 255.255.255.255, IPv6 traffic can also access TIBCO Cloud™ Integration - Connect; however, this poses a security risk because it removes the firewall into your Organization.
- If required, create more rules.
When a Child organization is created, API and Event IP Addresses whitelisted on the Security Settings page are inherited by the Child organization. Subsequent changes to IP addresses in the Parent organization are not synchronized with associated Child organizations.
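An added example, not part of the TIBCO documentation or product: a Python audit of rule entries in the start/end form described above, flagging the full IPv4 range, IPv6 entries, reversed ranges and RFC 1918 private addresses, and expressing each range as CIDR blocks. The rule dictionaries, their field names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample rules mirroring the Rule table columns described above.
# Names and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_RULES = [
    {"name": "office", "api": True, "event": False, "start": "198.51.100.10", "end": "198.51.100.20"},
    {"name": "partner-webhook", "api": False, "event": True, "start": "203.0.113.7", "end": "203.0.113.7"},
    {"name": "temp-open", "api": True, "event": True, "start": "0.0.0.0", "end": "255.255.255.255"},
    {"name": "lan", "api": True, "event": False, "start": "10.0.0.1", "end": "10.0.0.50"},
    {"name": "swapped", "api": True, "event": False, "start": "198.51.100.20", "end": "198.51.100.10"},
    {"name": "v6", "api": True, "event": False, "start": "2001:db8::1", "end": "2001:db8::ff"},
]

# Private ranges that can never match a caller arriving from the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_rule(rule):
    """Return a list of findings for one rule (empty list means no issue found)."""
    try:
        start = ipaddress.ip_address(rule["start"])
        end = ipaddress.ip_address(rule["end"])
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    if start.version != 4 or end.version != 4:
        return ["IPv6 addresses are not supported in rules"]
    if start > end:
        return ["start address is greater than end address"]
    findings = []
    if int(start) == 0 and int(end) == 2**32 - 1:
        findings.append("full IPv4 range: no IP restriction (IPv6 traffic is admitted too)")
    elif any(start <= n.broadcast_address and end >= n.network_address for n in RFC1918):
        findings.append("range overlaps private address space: rules expect public IP addresses")
    return findings

def rule_cidrs(rule):
    """Express a valid start-end range as the minimal list of CIDR blocks."""
    start = ipaddress.IPv4Address(rule["start"])
    end = ipaddress.IPv4Address(rule["end"])
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]

def audit(rules):
    """Map each rule name to its findings."""
    return {r["name"]: audit_rule(r) for r in rules}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, findings or "ok")
```

The CIDR form makes it easy to compare the rule table against firewall or cloud security-group entries that protect the same callers.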
Event Solution Access Token
On event apps use a REST-based web service to allow access to TIBCO Cloud™ Integration - Connect from outside sources. The first time you save an On event app Message or Request/Reply flow, TIBCO Cloud™ Integration - Connect generates a unique Endpoint URL along with an access token.
When you create additional flows for On event apps, each flow has a unique Endpoint URL, but shares the access token across the Organization.
In general, you do not need to reset the access token. However, if security at your site is compromised, or your company policy requires it, select Reset to change the Access Token.
API Cryptographic Token
Use this token to encrypt or decrypt Connection properties when reading, creating, or modifying Connections using the TIBCO Cloud™ Integration - Connect API. For additional information on the use of this token see the Connection Properties section of the API Help.
- Copy the token to your clipboard.
- Select Reset to generate a new token. If you generate a new token, you must update the token embedded in any software used to read or write Connection property data through the TIBCO Cloud™ Integration - Connect API.
Connect API Org Id
Click the Copy button to copy the Org Id and use it when accessing TIBCO Cloud™ Integration - Connect through the API. API calls to TIBCO Cloud™ Integration - Connect require your Organization ID as a parameter. See the Developer Portal for information on the API.
Subscription Locator
Click the Copy button to copy the Subscription Locator and use it when accessing TIBCO Cloud™ Integration through the API. API calls to TIBCO Cloud™ Integration require your organization's Subscription Locator as a parameter. See TIBCO Cloud™ Integration API Basics for information on the API.
Storing Source Data For Failed Records
When using TIBCO Cloud™ Integration - Connect, you can choose whether or not to store source data for failed records. If you opt to store failed records, they can be stored either in the cloud or, for apps run by the Connect on-premise agent, locally on the computer where the Connect on-premise agent is installed. The default is to store source data for failed records in the cloud.
- Source data for failed records is kept for 45 days regardless of where it is stored. After 45 days, it is removed and is no longer available for reprocessing.
- When any of these settings are changed, there may be a short delay before the change takes effect. Wait a few minutes before executing the next app to allow the updated information to reach the agent.
- Capture failed records for reprocessing — Enables/disables capturing any failed source records generated when an app runs. This setting applies to all TIBCO Cloud™ Integration - Connect apps in the organization. When the setting is disabled, all other failed records settings are ignored and no failed records are captured. If no failed records are captured, you cannot use the reprocess option in Execution History to reprocess failed records.
- Connect Cloud Agents — Enables/disables capturing failed records for apps run by the Connect cloud agent. Records are stored in the Cloud.
- Connect On-Premise Agents — Enables/disables capturing failed records for apps run by the Connect on-premise agent. If this setting is enabled, failed records are stored in the Cloud by default unless the following setting is enabled.
- Keep failed records local — Enables/disables storing failed records locally for apps run by the Connect on-premise agent. This setting is ignored when the Connect On-Premise Agents setting is disabled.
If Enabled:
- Failed records are stored on the server where the Connect on-premise agent is installed. Selecting this option ensures that source data processed by the Connect on-premise agent is never stored in the cloud.
- You can only reprocess source data for failed records for an app with the agent that originally ran the app.
- The size of the agent database is limited. When that limit is reached, source records are deleted starting with the oldest and, therefore, may not be available for reprocessing.
- From the Execution History details page, source data does not display for failed records.
Note: Changing the Keep failed records local setting does not affect the data in apps that have already run or are currently running. Changes are only made to future executions of TIBCO Cloud™ Integration - Connect apps for this Organization.
If Disabled:
- Source data for failed records is stored in the cloud.
- Source data for failed records is visible from the Execution History screen.
- You can reprocess errors with any TIBCO Cloud™ Integration - Connect agent in the organization.
- This option is disabled by default.
Changing Your API Password
The TIBCO Cloud™ Integration - Connect API does not support access using your TIBCO Cloud™ User Authentication. To use the API, you can establish a secondary basic authentication by selecting the Change API Password link on the Security Settings page. Enter and confirm your new password and select Save.
When accessing the API, use your TIBCO Cloud™ User Name and the new password. Note that the Change API Password process does not change the password you use to access TIBCO Cloud™, only the password used for the TIBCO Cloud™ Integration - Connect API.
Related Topics
Creating or Editing an On Event App