The Forefront Identity Manager Certificate Management (FIM CM) SQL application programming interface (API) was designed to allow organizations to programmatically place requests to FIM CM for common management functions. Requests placed using the FIM CM SQL API are written to the External Requests Microsoft SQL Server database table. A Microsoft Windows service then processes the requests from that table on a scheduled basis. After the FIM CM requests are successfully processed by the Windows service, they are then processed in accordance with the policy parameters identified in the profile template for the type of request.
The FIM CM SQL API provides the ability for SQL authenticated processes to place requests within FIM CM. By default, all FIM CM external API stored procedures can be executed by users in the CLMExternalApi role. When the FIM CM database is configured, one user, CLMExternal, is created in this role.
The rationale for using a SQL-based API is that it provides an additional layer of abstraction from the FIM CM internals; API initiated requests are controlled by processes outside of the core application processes.
For example, a developer could write an application that connected to the FIM CM database using the CLMExternal user (mixed mode authentication on SQL server). This application could indirectly create a FIM CM enrollment request by calling externalSubmitEnrollRequest. When the FIM CM service runs, the enrollment request is then processed by FIM CM.