IBM Sterling

Status Planned for future release
Categories APIs & SDKs
Created by Guest
Created on Sep 30, 2021

Enable authentication by token on the Sterling B2B REST API

Seems like currently the B2B REST API only supports authentication of basic type, where username/password is sent in the header of a GET/POST/PUT HTTP call. Can there be a mechanism to authenticate via bearer token? Thanks very much!

What is your industry? Financial Markets
How will this idea be used?

We call the B2B API to replay files and retrieve information about trading partners and SSH remote profiles.

  • Guest
    Jul 19, 2022

    It is probably a bit wider than just authentication - it pretty much covers the general security of the REST services (so includes authorisation too)

    If I have REST services such as these:

    B2B REST APIs available in Sterling B2B Integrator - IBM Documentation

    I can use them in two ways (or more or both):

    a. call them from back-office and other systems (non-human actors) and/or

    b. design a custom UI and use the services (perhaps indirectly as we do) to support stories in the UI

    For (a) basic authentication might be OK (arguably, although it's so general an access it's not very safe, see 2.) ... for (b), however, I should expect to:

    1. authenticate like a microservice ... pass the identity of the logged in user (token) to SBI with the request so that SBI can assert it and trust it and

    2. authorise like a microservice ... be able to permission the individual REST endpoints - an example might be that I can only GET /properties but you can GET PUT POST DELETE them. There is no way to do that in SBI.

    Maybe the best way to do this would be to refactor the /dashboard (and /filegateway etc) to actually use the Product's REST services. AFAIK the product doesn't do that - pls correct me etc.
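
The two expectations in the comment above (a verifiable bearer token carrying the user's identity, and per-endpoint method permissions such as the /properties case) sketched as an added example; it is not code from the commenter or from IBM and uses no Sterling B2B Integrator API. The token format, key, role names and policy table are assumptions made up for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; a real gateway loads this from a secret store

# Constructed policy: role -> path -> allowed HTTP methods (the /properties case above)
POLICY = {
    "viewer": {"/properties": {"GET"}},
    "admin": {"/properties": {"GET", "PUT", "POST", "DELETE"}},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, role, ttl, now=None):
    """Stand-in for an identity provider: sign {sub, role, exp} with HMAC-SHA256."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": sub, "role": role, "exp": int(now) + ttl}).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time comparison
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token: wrong part count, bad base64, bad JSON
    return claims if claims.get("exp", 0) > now else None

def authorize(headers, method, path, now=None):
    """Status a gateway would return: 401 unauthenticated, 403 forbidden, 200 allowed."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token, now) if scheme == "Bearer" else None
    if claims is None:
        return 401
    allowed = POLICY.get(claims.get("role"), {}).get(path, set())  # default deny
    return 200 if method.upper() in allowed else 403
```

Anything not listed in the policy table is denied, so a new endpoint or method stays closed until someone grants it explicitly.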

  • Guest
    Dec 31, 2021

    Hi there - I can see this is planned. Could I get more information? What specifically is the scope you are aiming for (because I guess there are also authorisation considerations) and is it possible to - tentatively - indicate a timeline?

    I'd be happy to have a call about this with Ryan in the NY. We are heavy users of the REST services.