
Integration Hub

Integration Hub (IH) is a Sidra feature based on Azure Service Bus. It works as a cloud messaging solution that facilitates asynchronous message delivery between Data Products and Sidra Service.

Security

This Service integrates an Azure Service Bus located on the DSU with Sidra security through Sidra API.

Communication is based on Service Bus Topics.

More info on Topics and other Service Bus concepts can be found here.

Role-Based permissions are used to determine which methods of the API a user can execute, as in all Sidra APIs. Permissions required for each method are specified below.

Fine-grained permissions can be granted individually on each Topic. A user may be granted permission to Listen on Topic A, Send messages to Topic B, Manage Topic C, and have no permissions at all on Topic D. The Integration Hub API uses those permissions to limit what a user can or cannot do with a specific Topic.

Connection to the Service Bus is based on SAS tokens. Each token supports an Authorization Policy that defines the permissions granted to the connected client.

See more information here.
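
The token structure described above, as an added example that is not part of Sidra's code: it builds a token in the Service Bus SAS format and audits one before use by reading its clear-text scope (`sr`), policy name (`skn`) and expiry (`se`). The namespace, topic, policy name, key and the one-hour lifetime limit are constructed values and assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

def build_sas_token(resource_uri, policy_name, policy_key, expires):
    """Sign the URL-encoded URI, a newline and the expiry with HMAC-SHA256."""
    sr = quote(resource_uri, safe="")
    digest = hmac.new(policy_key.encode(), f"{sr}\n{expires}".encode(),
                      hashlib.sha256).digest()
    sig = quote(base64.b64encode(digest), safe="")
    skn = quote(policy_name, safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expires}&skn={skn}"

def parse_sas_token(token):
    """Return the claims a SAS token carries in clear text."""
    scheme, _, rest = token.partition(" ")
    if scheme != "SharedAccessSignature":
        raise ValueError("not a SharedAccessSignature token")
    fields = dict(part.split("=", 1) for part in rest.split("&") if "=" in part)
    missing = {"sr", "sig", "se", "skn"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return {"resource": unquote(fields["sr"]),
            "policy": unquote(fields["skn"]),
            "expires": int(fields["se"])}

def audit_sas_token(token, topic_uri, now, max_lifetime=3600):
    """List reasons not to accept or store this token; empty means it passed."""
    claims = parse_sas_token(token)
    findings = []
    if claims["resource"].rstrip("/").lower() != topic_uri.rstrip("/").lower():
        findings.append("scope is not the expected topic: " + claims["resource"])
    if claims["expires"] <= now:
        findings.append("token already expired")
    elif claims["expires"] - now > max_lifetime:
        findings.append("lifetime exceeds policy maximum")
    return findings

# Constructed sample values: namespace, topic, policy name and key are not real.
NOW = 1_700_000_000
TOPIC = "https://example-ns.servicebus.windows.net/orders-topic"
KEY = "constructed-key-for-illustration-only"
GOOD = build_sas_token(TOPIC, "listen-only", KEY, NOW + 900)
WIDE = build_sas_token("https://example-ns.servicebus.windows.net/",
                       "listen-only", KEY, NOW + 86_400 * 365)
```

A token whose `sr` is the namespace root rather than the topic is valid for every entity under that namespace, which is why the scope check comes first.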

API

There is only one controller in this API, the TopicsController, with the following methods:

GET api/topics/{idDataStorageUnit:int:min(1)}

  • Allows a user to get a list of all Topics in the DSU
  • Requires ReadIntegrationHub permission
  • Users will only see Topics on which they have been granted some kind of permission

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}

  • Retrieves info about a single Topic
  • Requires ReadIntegrationHub permission
  • Users will only see Topics on which they have been granted some kind of permission

POST api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}

  • Creates a new Topic
  • Requires WriteIntegrationHub permission
  • Creator user is automatically granted Listen, Send and Manage permissions on the new Topic

DELETE api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}

  • Deletes a Topic
  • Requires DeleteIntegrationHub permission
  • User must have Manage permission on the Topic to delete it

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/authpolicies

  • Returns a list of the existing SAS Authentication Policies on a specific Topic
  • Requires ReadIntegrationHub permission
  • Authentication Policies with higher permissions than the user making the request are not shown

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/authpolicies/{policyKeyName}

  • Returns a specific SAS Authentication Policy on a specific Topic
  • Requires ReadIntegrationHub permission
  • Authentication Policies with higher permissions than the user making the request are not shown

POST api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/authpolicies

  • Creates a new SAS Authentication Policy on a specific Topic
  • Requires WriteIntegrationHub permission
  • A user cannot create a Policy with a higher level of permissions than their own
  • Request body expects a list of policies, whose possible values are:
    • 0: 'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
    • 1: 'Send' - Confers the right to send messages to the entity
    • 2: 'Listen' - Confers the right to receive (queue, subscriptions) and all related message handling

Microsoft's documentation related to SAS policies can be found here.

DELETE api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/authpolicies/{policyKeyName}

  • Deletes a specific SAS Authentication Policy on a specific Topic
  • Requires DeleteIntegrationHub permission
  • User must have Manage permission on the Topic to delete a Policy

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/authpolicies/{policyKeyName}/sas

  • Obtains a SAS token for a specific Topic and Auth Policy
  • Requires ReadIntegrationHub permission
  • User must have a level of permission on the Topic equal to or higher than the specified Policy to get a SAS token
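
One way to model the permission-level rule that the authpolicies and sas methods above share (added example, not Sidra's implementation). It assumes "higher" means the policy grants a right the caller lacks and that Manage implies Send and Listen, as Service Bus requires for Manage rules; the function names and sample policies are hypothetical.

```python
from enum import IntEnum

class AccessRight(IntEnum):
    MANAGE = 0   # numeric values as listed in the request-body description
    SEND = 1
    LISTEN = 2

def expand(rights):
    """Assumption: holding Manage also confers Send and Listen."""
    rights = set(rights)
    if AccessRight.MANAGE in rights:
        rights |= {AccessRight.SEND, AccessRight.LISTEN}
    return frozenset(rights)

def parse_policy_body(body):
    """Validate a request body (list of 0/1/2) before comparing levels."""
    if not isinstance(body, list) or not body:
        raise ValueError("body must be a non-empty list")
    rights = set()
    for value in body:
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"not an integer: {value!r}")
        rights.add(AccessRight(value))   # raises ValueError on unknown numbers
    return expand(rights)

def covers(caller_rights, policy_body):
    """True when the policy grants nothing the caller does not already hold.

    The same test gates creating a policy, listing it and issuing its SAS token.
    """
    return parse_policy_body(policy_body) <= expand(caller_rights)

def visible_policies(policies, caller_rights):
    """Names of the policies a caller would be shown, in sorted order."""
    return sorted(n for n, body in policies.items() if covers(caller_rights, body))

# Constructed sample: policy names and their rights are illustrative only.
POLICIES = {"admin": [0, 1, 2], "producer": [1], "consumer": [2], "relay": [1, 2]}
```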

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/subscriptions

  • Gets a list of Subscriptions to a specific Topic
  • Requires ReadIntegrationHub permission
  • User must have Listen or Manage permission on the Topic to see the Subscriptions

GET api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/subscriptions/{subscriptionKeyName}

  • Gets a specific Subscription to a specific Topic
  • Requires ReadIntegrationHub permission
  • User must have Listen or Manage permission on the Topic to see the Subscriptions

POST api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/subscriptions?subscriptionKeyName={subscriptionKeyName}

  • Creates a new Subscription to a Topic
  • Requires WriteIntegrationHub permission
  • User must have Listen permissions on the specific Topic

POST api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/subscriptions/labelrule

  • Adds a filter rule to a Subscription based on the Label property. This means the Subscription will only receive messages from the Topic if Label equals the provided value
  • Requires WriteIntegrationHub permission
  • User must have Listen permissions on the specific Topic

DELETE api/topics/{idDataStorageUnit:int:min(1)}/{topicKeyName}/subscriptions/{subscriptionKeyName}

  • Deletes a Subscription from a Topic
  • Requires DeleteIntegrationHub permission
  • User must have Manage permission on the Topic

PUT api/topics/{idDataStorageUnit}/permissions

  • Grants permissions on a Topic to a specific User.
  • Requires WriteIntegrationHub permission.
  • User granting the permissions must have Manage permission on the Topic

More information is detailed in the API section for Integration Hub.


Last update: 2024-04-08