Getting Started

Initial Steps

 

5G Edge computing is a collaboration between cloud service providers and Verizon and setting up to use the Edge Discovery Service requires you to take actions in both platforms:

  1. Find the regions defined in the Verizon 5G edge network, and then identify the regions where you want to deploy your application.
  2. Create one or more service profiles that describe the resource requirements of the application services that will be deployed at the edge.
  3. Use the region names and service profiles to find the optimal 5G Edge platforms to deploy to in each region. (You can, optionally, use a user equipment identifier instead of a service profile to find optimal 5G Edge platforms based on the IP address of that equipment.)
  4. Through your cloud service provider, deploy your application's edge services to each of the 5G Edge platforms identified in the previous step.
  5. Note the endpoint information for each of the deployed services; such as the FQDN, IPv4 address, IPv6 address, port and URI.
  6. Register the endpoints with the Edge Discovery Service. In essence, you are telling the Edge Discovery Service, "Service XYZ is deployed to platform A at endpoint 123.23.345.111, and to platform B and endpoint 345.56.567.123."

After you have completed the above steps, you can send API requests to find the optimal service endpoints for specific client devices to connect to.

Steps 1-6 can be incorporated into your deployment processes. The request to find optimal service endpoints for each client session can be incorporated into the client application, or built into a cloud-based client routing service that is called at the beginning of each session.

Tutorial

 

Robert Belson (of Verizon's 5G MEC blog) has put together a tutorial to get up and running with public MEC.

 

5G Edge Developer Credentials and Tokens

 
5G Edge Developer Credentials and Tokens

 

You need an API Token to send API requests through the 5G Edge Developer Platform. You must register and sign in to be able to get keys and generate tokens to work with the Edge Discovery Service API.

 

Obtaining an API Token

 

We use the OAuth2 “client credentials” grant type to authenticate an API caller before providing an access token. We require that the application key and secret are Base64 encoded. To obtain an access token:

  1. Sign in or Sign up at the 5G Edge Portal.
  2. Click "API Keys" from the menu selections at the top of the page. You can also click on your login icon (in the upper right corner) and from the drop-down select "API Keys". 
  3. Copy the key and the secret and store them in a secure place for your application to use.
  4. Concatenate the key and the secret, with a colon between them, like this: my_key_value:my_secret_value
  5. Encode the entire string in Base64 format. (To learn more about encoding in Base64 format, visit www.base64encode.org).
  6. Get a token by sending a POST request to 5gedge.verizon.com/api/ts/v1/oauth2/token with the encoded string in the header.

 

cURL Example:

 

curl -X POST -d "grant_type=client_credentials" -H "Authorization: Basic BASE64_ENCODED_APP_KEY_AND_SECRET" -H "Content-Type: application/x-www-form-urlencoded" "https://5gedge.verizon.com/api/ts/v1/oauth2/token"

The response will contain an access_token property that you must include as the authorization bearer token in the header of all API requests. The token will be valid for one hour from when it was first issued and any further token requests during that time will return the same token.

 

New OAuth Scopes

 

Current behavior for a Request Token, by default, the response is a "Full Access" token and doesn't require a scope to be specified:

curl --location --request POST 'https://5gedge.verizon.com/api/ts/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {token}' \
--data-urlencode 'grant_type=client_credentials'

if no scopes are specified, TSCore will respond with the "Full Access" scope:

{"access_token":"{token}","scope":" ts.application.ro ts.mec.fullaccess","token_type":"Bearer","expires_in":3600}








What is changing

 

There will now be a "Full Access" and "Limited Access" scopes for the OAuth request token.

 
Full Access

 

Implicit Request:

First options with the current process will respond with a Full Access scope (By Default) just like the current request process:

curl --location --request POST 'https://5gedge.verizon.com/api/ts/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {token}' \
--data-urlencode 'grant_type=client_credentials'

Response:

 If the token is already migrated, or if the Access Token was generated using a new client/secret using the new services, the response will include the "Full Access"  scope ( ts.mec.fullaccess ):

{"access_token":"{token}","scope":" ts.application.ro ts.mec.fullaccess","token_type":"Bearer","expires_in":1628}

Explicit Request:

The new explicit request requires two scopes to be specified (ts.application.ro  and ts.mec.fullaccess):

curl --location --request POST 'https://5gedge.verizon.com/api/ts/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {token}' \
--data-urlencode 'scope=ts.application.ro ts.mec.fullaccess' \
--data-urlencode 'grant_type=client_credentials'

Response:

Generating the access token using a client/secret, and the new services, the response will include the new scope ( ts.mec.fullaccess ):

{"access_token":"{token}","scope":"ts.application.ro ts.mec.fullaccess","token_type":"Bearer","expires_in":3600}

 

Limited Access

 

The new explicit request requires two scopes to be specified (ts.application.ro  and ts.mec.limitaccess):

curl --location --request POST 'https://5gedge.verizon.com/api/ts/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {token}' \
--data-urlencode 'scope=ts.application.ro ts.mec.limitaccess' \
--data-urlencode 'grant_type=client_credentials'

Response:

The response will include one new scope ( ts.mec.limitaccess ):

{"access_token":"{token}","scope":"ts.application.ro ts.mec.limitaccess","token_type":"Bearer","expires_in":3600}

 

New error responses

 

Token request with the wrong scope

 

Only the "Full Access" or "Limited Access" scopes can be used with the MEC API Endpoints. If an invalid token scope is requested the expected behavior is a 401 error. For example:

curl --location --request POST 'https://5gedge.verizon.com/api/ts/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {token}' \
--data-urlencode 'scope=ts.application.ro ts.mec.invalidaccess' \
--data-urlencode 'grant_type=client_credentials'

will result in the folowing response:

{"status": "401","message": "Invalid Token or Scopes" }

 

Please note: a "Full Access" token is required for any of the /serviceprofiles or /serviceendpoints API endpoints. A "Limited Access" token only has access to the Discovery API endpoints. Please see the table below.