Managing SDK credentials and services

The InCountry Portal allows you to manage SDK credentials and services for communicating regulated data between the InCountry platform and your systems and applications.

On the environment details page, you can view the three blocks, as follows:

• SDK credentials - shows the number of credentials created to use the InCountry SDK.

• Services - shows the number of services created.

• Encryption Keys - shows the number of encryption keys created.

Within each environment, you can have multiple pairs of SDK credentials that you can use to manage data records on the InCountry platform with the SDK. Additionally, you can create services for the operation of the InCountry Data Residency for Salesforce package, data communication through REST API, management of resident functions, or operation of Border. Besides this, you can also manage encryption keys for a specific country where you store regulated data records.

Managing SDK credentials

SDK credentials are a pair of Client ID and Client Secret that you can use to connect to a secure data store provided by the InCountry platform in a specific country through the SDK.

All SDK credentials are attributed to the specific environment within which you have created them.

You can manage SDK credentials, as follows:

1. create new SDK credentials

2. edit names of SDK credentials

3. delete the no longer needed SDK credentials

Creating new SDK credentials

By default, the InCountry Portal does not create a default pair of the SDK credentials together with the creation of a default environment. You can create new SDK credentials once needed.

To create new SDK credentials:

1. Open a specific environment where you want to create new SDK credentials.

   

2. Click Generate SDK Credentials.

   

3. On the New SDK Credentials page, enter a meaningful name for a new pair of SDK credentials.

4. Click Next.

   

5. Enter the verification code and click Create.

6. The InCountry Portal generates SDK credentials (Client ID and Client secret) that you can you further use to manage data on the InCountry platform with the SDK.

   

7. On the newly opened page, copy the Environment ID, Client ID, and Client Secret. Save them in a secure place as you will not be able to recover them. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

New SDK credentials will appear within the environment.

note

You can create up to 10 pairs of SDK credentials per one environment.

Renaming SDK credentials

You may need to rename the SDK credentials in some cases if the current name does not reflect the actual purpose of these SDK credentials.

1. Open the environment.

2. Click the SDK Credentials block.

3. On the list with SDK credentials, locate the SDK credentials you want to rename.

   

4. Click the Rename SDK Credentials icon.

   

5. On the Rename SDK Credentials page, update the name for the SDK credentials.

6. Click Next.

7. Enter the verification code and click Update.

Deleting SDK credentials

If you no longer need some SDK credentials, you can delete them. After the removal, the SDK credentials are no longer valid, so you cannot use them for further data management on the InCountry Platform. To get access to data stored within the environment, you will need to create SDK credentials.

1. Open the environment.

2. Click the SDK credentials block.

3. On the list with SDK credentials, locate the SDK credentials you want to delete.

   

4. Click the Delete SDK Credentials icon.

5. Enter the verification code and click Delete.

Managing services

A service is an entity representing a connection point that can be used to integrate your system with other components of the InCountry platform or SaaS services (like Salesforce).

You can manage services, as follows:

1. create new services

2. renew existing services

3. delete the no longer needed services

note

Please consider that you can create only service of each type per one country. You cannot create multiple Salesforce, resident functions, or REST API services for the same country within the same environment.

Creating new services

The InCountry Portal does not create a default service together with the creation of a default environment. You can create a service of the four types, as follows:

1. Salesforce is used for the operation of the InCountry Data Residency for Salesforce package.

2. Resident Functions is used for the management and execution of resident functions on the target Point-of-Presence (PoP).

3. REST is used for data communication with REST API.

4. Border is used for data communication through Border and redaction / unredaction of regulated data processed by Border.

Creating a new Salesforce service

1. Open the environment where you want to create a new service.

   

2. Click Create service.

   

3. On the New Service page, define the configuration of the service, as follows:

   • Type - select the Salesforce service from the list.

   • Name - enter the name of the service.

   • Country - select the country for the service setup.

4. Click Next.

5. Enter the verification code.

6. Click Create.

   

7. On the page with the created Salesforce service, save the environment ID, Client ID, Client Secret, REST API address, and Subject Claim. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

tip

Use the received credentials to establish a connection to the InCountry platform in the InCountry Data Residency for Salesforce package and to configure endpoints.

Please do not forget to save the subject claim as it is used as unique identifier of the tenant on the InCountry platform.

Uploading the public certificate

note

Before uploading a public certificate to InCountry Portal, please configure OAuth2 authorization in Salesforce as described in our documentation.

1. Once you have created the Salesforce service and registered a self-signed certificate in Salesforce, you need to upload the public certificate in the CRT format to the InCountry Portal.

2. Open the environment where the Salesforce service was created.

3. Click the Services block.

4. On the list with services, locate the service of the Salesforce type.

   

5. Click the Upload Certificate icon.

   

6. Click Select Certificate and select the public certificate you downloaded from Salesforce.

7. Click Next.

8. Enter the verification code and click Upload.

note

Salesforce generates a certificate for one year, after this period you need to re-generate the certificate and upload its new version on the InCountry Portal. Click the Replace Certificate icon and upload a new version of the certificate. The procedure is quite similar to certificate upload.

Creating a new Resident Functions service

1. Open the environment where you want to create a new service.

2. Click Create service.

   

3. On the New Service page, specify the following information:

   • Type - select the Resident Functions service type from the list.

   • Name - enter the name of the service.

   • Country - select the country for service setup.

4. Click Next.

5. Enter the verification code.

6. Click Create.

   

7. On the page with the created service of the Resident Functions type, save the environment ID, Client ID, Client Secret, and REST API address. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

If needed, you can instantly proceed with publishing resident functions by clicking Publish Resident Function. For the details on managing resident functions, please check Managing resident functions.

A new service of the Resident Functions type will appear on the list with other services within the current environment. Having created such service, you can proceed with the publication of resident functions.

Creating a new REST service

1. Open the environment where you want to create a new service.

2. Click Create service.

   

3. On the New Service page, specify the following information:

   • Type - select the REST service type from the list.

   • Name - enter the name of the service.

   • Country - select the country for service setup.

4. Click Next.

5. Enter the verification code.

6. Click Create.

   

7. On the page with the created REST service, save the environment ID, Client ID, Client Secret, and REST API address. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

A new REST service will appear on the list with other services within the current environment.

Creating a new Border service

1. Open the environment where you want to create a new service.

2. Click Create service.

   

3. On the New Service page, specify the following information:

   • Type - select the Border service type from the list.

   • Name - enter the name of the service.

   • Country - select the country for service setup.

4. Click Next.

5. Enter the verification code.

6. Click Create.

   

7. On the page with the created Border service, save the environment ID, Client ID, Client Secret, and Border address. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

A new Border service will appear on the list with other services within the current environment. You can proceed with defining the Border configuration.

Renewing the service

You can renew the Client ID and Client Secret that are used within a particular service. This may be required for key rotation or when you lost the client secret but do not want to create a new service.

1. Open the environment.

   

2. Click the Services block.

3. On the list with services , locate the service you want to renew.

   

4. Click the Renew Service icon.

5. Enter the verification code.

6. Confirm the operation by clicking Renew.

7. On the page with the renewed service, save the environment ID, Client ID, Client Secret, and REST API address. To download a text file with all these credentials, click Download text. To copy these credentials to the clipboard, click Copy to clipboard.

8. When complete, click Close.

Deleting the service

If you no longer need some service, you can delete it. After the removal, the issued credentials for the service will be no longer valid, so you cannot use them for further data management on the InCountry platform.

1. Open the environment.

2. Click the Services block.

3. On the list with services, locate the service you want to delete.

   

4. Click the Delete Service icon.

5. On the Delete Service page, enter the verification code.

6. Once entered, click Delete.