IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Planned for future release
Workspace Sterling B2B Integration SaaS
Categories Communication Protocols
Created by Guest
Created on Jan 8, 2026

RELATED IDEAS

IBM API GW should have a Option to choose Dynamic/Unique Scope Parameter for every new Token

IBM SCBN's largest Customer have successfully implemented a new Inbound Booking OAUTH2 API connection, which is operating in production with one trading partner as of today. This API connection replaces JMS MQ for transmitting booking interface data for all other TP's.

However, Customer requires that the API token be fetched for every transaction without caching, or alternatively, that IBM include a dynamic/Unique scope parameter for every new token. Since the scope in C:HUB is currently a fixed value, we need this to be made dynamic.


Ex: 
Call-1: Token: ABC
Scope: 123

 

Call-2: Token: XYZ
Scope: 234

 

Before Call2, IBM should continue to use the Call1 Token with scope(123) until it expires.?

Later for call2, a New Token with new Scope need to be used.?

 

  • Admin
    Manoj Panda
    Jan 8, 2026

    Thank you Siva, for sharing this detailed use case. We appreciate the context around migrating from JMS MQ to an OAuth2-based inbound booking API and the requirements emerging from high-volume, production usage.

    We understand the core ask is to support per-transaction token uniqueness, either by:

    • Fetching a new OAuth2 token for every transaction (no caching), or

    • Supporting a dynamic / unique scope parameter when requesting tokens, rather than a fixed scope value

    This is an important consideration for customers with strict security, traceability, or regulatory requirements, especially when moving from stateful messaging (MQ) to stateless APIs.

    From a platform perspective, we need to carefully evaluate the impact on token lifecycle management, performance, rate limits, and backward compatibility, while ensuring alignment with OAuth2 best practices and existing SCBN/API Gateway capabilities.


    To better assess feasibility and prioritize this enhancement, we’d like to clarify a few points about the intended behavior and constraints.

    Clarifying Questions

    1. Primary driver: Is the requirement driven mainly by security/compliance, transaction traceability, or a trading partner mandate?

    2. Expected behavior: Do you expect a new token per transaction always, or only when the scope value changes?

    3. Scope semantics: What does the dynamic scope represent (e.g., transaction ID, booking ID, TP identifier), and must it be unique per request?

    4. Token reuse rules: Is it acceptable to reuse an existing token until expiry when the scope remains unchanged, as described in your example?

    5. Volume & performance: What is the expected transaction rate, and have you evaluated any latency or token service throttling concerns with per-transaction token generation?

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.