FAQ - Permissions & API Access
Common questions about Boomi AtomSphere API permissions and security best practices for Nodinite monitoring.
What Boomi AtomSphere API permissions does the Monitoring Agent require?
Minimum: The Boomi Operator role provides read-only access to Atom status, process execution history, environment details, and execution logs. This is sufficient for monitoring and alerting, but it cannot execute remote actions (restart processes, deploy components).
Recommended: The Boomi Administrator role provides full read/write access, enabling all Nodinite features: monitoring, alerting, and remote actions (restart processes, pause/resume Atoms, deploy packaged components, purge logs). It is required for delegated management features.
Feature comparison:
Feature | Operator Role | Administrator Role |
---|---|---|
Monitor Atom availability | ✅ Yes | ✅ Yes |
Monitor process execution | ✅ Yes | ✅ Yes |
View execution logs | ✅ Yes | ✅ Yes |
Restart failed processes | ❌ No | ✅ Yes |
Pause/resume Atoms | ❌ No | ✅ Yes |
Deploy packaged components | ❌ No | ✅ Yes |
Purge process logs | ❌ No | ✅ Yes |
Security best practice: Create a dedicated service account (nodinite-monitoring@company.com) with the Administrator role, rotate the API token quarterly, store the credentials encrypted in Nodinite via Secret Management, and restrict access to the Nodinite server IP via the Boomi IP whitelist (AtomSphere → Account Settings → IP Restrictions).
How do I create a Boomi service account for Nodinite?
Step-by-step setup:
- Log into Boomi AtomSphere as account administrator
- Navigate to: Settings → Account Information → Users
- Click "Add User" button
- Configure service account:
  - Email: nodinite-monitoring@yourcompany.com (use valid email for password reset capability)
  - First Name: Nodinite
  - Last Name: Monitoring Service
  - Role: Administrator (required for Remote Actions)
  - Status: Active
- Generate API token:
  - Navigate to: Settings → Account Information → API Tokens
  - Click "Generate API Token" for nodinite-monitoring user
  - Copy token immediately (only shown once, cannot retrieve later)
- Test credentials:
  - Use Boomi API test endpoint: GET https://api.boomi.com/api/rest/v1/{accountId}/Account/{accountId}
  - Authenticate with username + API token (Basic Auth)
  - Verify response includes account details
- Configure in Nodinite:
  - Web Client → Settings → Monitor Agents → Boomi → Add Account
  - Enter: Account ID, Username (nodinite-monitoring@yourcompany.com), API Token
  - Test connection, verify Atoms/environments discovered
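The credential test from the steps above, as an added Python example (not Nodinite or Boomi code): it builds the request for the endpoint shown, sends it with Basic Auth, and checks that the reply describes the requested account. The function names, the Accept: application/json header and the accountId response field are assumptions of this example, and the demo reply is constructed.

```python
import base64
import io
import json
import urllib.error
import urllib.parse
import urllib.request

API_BASE = "https://api.boomi.com/api/rest/v1"


def build_account_request(account_id, username, api_token):
    """GET {API_BASE}/{accountId}/Account/{accountId} with Basic Auth."""
    acct = urllib.parse.quote(account_id, safe="")  # keep the ID inside one path segment
    basic = base64.b64encode(f"{username}:{api_token}".encode()).decode()
    return urllib.request.Request(
        f"{API_BASE}/{acct}/Account/{acct}",
        headers={"Authorization": f"Basic {basic}",
                 "Accept": "application/json"},  # assumption: ask for a JSON reply
        method="GET",
    )


def check_credentials(account_id, username, api_token,
                      send=urllib.request.urlopen):
    """Return (ok, reason). The reason text never contains the token."""
    req = build_account_request(account_id, username, api_token)
    try:
        with send(req, timeout=10) as resp:
            details = json.load(resp)
    except urllib.error.HTTPError as err:
        return False, f"HTTP {err.code}"
    except (urllib.error.URLError, ValueError) as err:
        return False, f"no usable response: {type(err).__name__}"
    # Assumption: the returned account object carries an "accountId" field.
    if not isinstance(details, dict) or details.get("accountId") != account_id:
        return False, "response does not describe the requested account"
    return True, f"authenticated against account {account_id}"


if __name__ == "__main__":
    # Constructed reply standing in for the API, so the demo runs offline.
    fake = lambda req, timeout: io.BytesIO(b'{"accountId": "acme-ABC123"}')
    print(check_credentials("acme-ABC123", "nodinite-monitoring@yourcompany.com",
                            "token-placeholder", send=fake))
```

Leave out the send argument to make the real call, and pass the token in from a secret store rather than typing it on a command line.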
Security best practices:
- Rotate API token quarterly - Generate new token every 90 days, update in Nodinite Secret Management
- IP whitelist - Restrict service account to Nodinite server IP only (AtomSphere → Account Settings → IP Restrictions)
- Audit log review - Monthly review of service account activity (ensure only expected Nodinite operations)
- Separate accounts per environment - Use different service accounts for Production vs Dev/Test monitoring (limit blast radius if credentials compromised)
How are Boomi API credentials stored in Nodinite?
Credentials are stored encrypted using the Secret Management feature:
- Encryption: AES-256 encryption with unique per-installation master key
- Key storage: Master key stored in Windows Credential Manager (not in database, not in config files)
- Access control: Only Nodinite services with LocalSystem privileges can decrypt secrets
- Credential rotation: Update API tokens in Nodinite Web Client (Settings → Monitor Agents → Boomi → Edit Account → Update Token), old tokens overwritten (not retained)
- Database protection: Encrypted credentials stored in Nodinite Configuration Database, database access requires Windows Authentication (no SQL credentials)
Compliance: Meets PCI DSS Requirement 3.4 (cardholder data protection - credentials encrypted at rest), SOC 2 Trust Services Criteria CC6.1 (logical and physical access controls).
Can I restrict Nodinite to specific Boomi environments only?
Yes, using environment filtering in Monitor Views:
Example: Production-only monitoring
- Create Monitor View "Production Boomi Processes"
- Filter by environment: Environment Name equals "Production"
- Assign to role: "Operations Team"
- Result: Operations team sees only Production Atoms/processes, Dev/Test environments hidden
Example: Team-specific environment access
- "Development Team" Monitor View - Filtered to Dev environment only, developers troubleshoot own Dev issues
- "QA Team" Monitor View - Filtered to Test/UAT environments, QA manages testing processes
- "Operations Team" Monitor View - Filtered to Production environment, operations focuses on production monitoring
Note: Environment filtering is display-only (Monitor Views control what users see in dashboards) and is NOT a security boundary. The service account has API access to ALL environments in the Boomi account. For true security isolation, use separate Boomi accounts with separate Nodinite service accounts.
What are the Boomi API rate limits?
AtomSphere REST API rate limits:
- Rate limit: 5 requests/second per Boomi account
- Burst allowance: 10 requests within 2-second window (temporary burst supported)
- Throttling behavior: HTTP 429 "Too Many Requests" response if limit exceeded, retry after 1 second
Nodinite automatic throttling:
- Polling interval: 60 seconds default (configurable 30s-5min)
- Request distribution: If monitoring 50 Atoms + 100 processes, Nodinite makes 2-3 API requests per 60-second poll (retrieve account metadata, retrieve Atom list, retrieve process execution history per Atom)
- Average rate: 0.04 requests/second (well under 5 req/sec limit)
- Automatic retry: If HTTP 429 received, Nodinite backs off exponentially (retry after 1s, 2s, 4s, 8s) until successful
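An added example (not Nodinite's implementation) of a client that stays inside the limits listed above: a sliding window of 10 requests per 2 seconds and the 1s, 2s, 4s, 8s backoff on HTTP 429. The class and function names are hypothetical, send is any callable returning (status, body), and giving up once the schedule is exhausted is this example's choice.

```python
import time
from collections import deque

BURST, WINDOW = 10, 2.0          # page: 10 requests within a 2-second window
BACKOFF_SCHEDULE = (1, 2, 4, 8)  # page: retry after 1s, 2s, 4s, 8s


class BoomiThrottle:
    """Sliding-window limiter: at most `burst` calls in any `window` seconds.

    10 per 2 s also caps the sustained rate at the documented 5 requests/second.
    """

    def __init__(self, burst=BURST, window=WINDOW,
                 clock=time.monotonic, sleep=time.sleep):
        self.burst, self.window = burst, window
        self.clock, self.sleep = clock, sleep
        self.sent = deque()  # timestamps of calls still inside the window

    def acquire(self):
        """Block until one more request fits inside the window."""
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= self.window:
                self.sent.popleft()
            if len(self.sent) < self.burst:
                self.sent.append(now)
                return
            self.sleep(self.window - (now - self.sent[0]))


def call_with_backoff(send, throttle, schedule=BACKOFF_SCHEDULE):
    """Call send() -> (status, body); on HTTP 429 wait per schedule and retry.

    Raises RuntimeError once the schedule is used up, so the caller can
    alert instead of retrying forever (this example's choice).
    """
    for delay in (*schedule, None):
        throttle.acquire()
        status, body = send()
        if status != 429:
            return status, body
        if delay is not None:
            throttle.sleep(delay)
    raise RuntimeError("Boomi API still returning 429 after backoff schedule")


if __name__ == "__main__":
    # Constructed responses: two throttled replies, then success; waits are printed, not slept.
    replies = iter([(429, ""), (429, ""), (200, "{}")])
    quick = BoomiThrottle(sleep=lambda s: print(f"would wait {s}s"))
    print(call_with_backoff(lambda: next(replies), quick))
```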
Best practices for high-scale monitoring:
- Increase polling interval for non-critical environments (Dev/Test: 5 minutes instead of 60 seconds)
- Prioritize Production - 30-second polling for Production, 5-minute polling for Dev/Test
- Monitor API health - Nodinite tracks Boomi API response times + error rates, alert if degraded