update Service account details

Author: jatindersingh93

docs/Config.md

@@ -68,6 +68,32 @@ This mode is generally recommended for systems where you expect to use COMS at a
 },
 ```
 
+Basic Auth can also be used where machine-to-machine API access is required. This can be set by enabling the s3AccessMode in the configuration, which is enabled by default on all COMS environments. This setup is suitable for service-level account access.
+
+```sh
+"basicAuth": {
+  "enabled": “true", # note: to disable, delete this environment variable
+  "s3AccessMode": "true",
+
+  "password": "<custom Basic Auth Password.",
+  "username": "<custom Basic Auth Username>"
+},
+```
+
+In this case, storage credentials provided by the optimization teams are used to grant access. The following are used as user and password:
+
+```sh
+accesskeyid
+accesskeysecret
+```
+
+Additional request params: bucket and endpoint must be provided in the request headers using the following key-value pairs:
+
+```sh
+x-amz-bucket: <bucket>
+x-amz-endpoint: <endpoint>
+```
+
 ### Full
 
 This mode is generally recommended for systems that need both user level and administrative level access to objects. This grants the full suite of functionality COMS offers, but care must be taken to ensure that access to objects is done securely from your line of business application.

docs/Service-Account.md

@@ -0,0 +1,46 @@
+Service account feature for COMS can be enabled by setting s3AccessMode enabled in configuration, it allows automated systems or services to securely interact with the COMS environment using access keys for authentication. Below are the steps for configuring and utilizing s3AccessMode.
+
+### Configuration setting required in COMS hosted environment
+
+In this configuration, s3AccessMode is enabled to allow machines to access the system without individual user authentication.
+
+**Enable s3AccessMode**: Enabling s3AccessMode allows machine-to-machine access via service account credentials (access key and secret). This setting is required to permit service account access to the COMS API.
+    
+```sh
+"basicAuth": { "enabled": "false",  // Disable Basic Authentication "s3AccessMode": "true"  // Enable M2M access using service account credentials}
+```
+
+## Service Account API access**
+
+### Credentials
+
+For M2M API access, the storage credentials (usually provided by the optimization team) are used to authenticate API requests. These credentials consist of an Access Key ID and Access Key Secret, which are essential for machine-to-machine communication.
+
+#### Service Account Credentials:
+**accesskeyid:*** The unique identifier for the service account.
+
+**accesskeysecret:** The associated secret key for the service account.
+
+
+#### Set Request Headers and Parameters
+
+With s3AccessMode enabled, the M2M communication requires specific headers to authenticate and provide access correctly. These headers are typically supplied by the optimization team.
+
+**Headers to Include**:
+
+***x-amz-bucket:*** The name of the bucket being accessed by the service account.
+
+***x-amz-endpoint:*** The endpoint to which the request is directed.
+
+**Set Required Parameters**: 
+
+You need to specify either the bucketId or objectId in the request parameters.
+
+**bucketId or objectId:** The unique identifier for the bucket or object being accessed.
+        
+
+### Security Considerations
+
+*   **Store Credentials Securely**: Ensure the accesskeyid and accesskeysecret are stored securely, such as in environment variables or a secure credential vault, to prevent unauthorized access.
+    
+*   **Use HTTPS**: Make sure that all API requests are made over HTTPS to protect sensitive data during transmission.

mkdocs.yml

@@ -13,12 +13,13 @@ markdown_extensions:
 nav:
 - Introduction: index.md
 - API User Guide:
-  - Authentication: Authentication.md
+  - Authentication: Authentication.md  
   - Endpoint Notes: Endpoint-Notes.md
   - Permissions: Permissions.md
   - Metadata and Tags: Metadata-Tag.md
   - Managing buckets: Buckets.md
-  - Synchronization: Synchronization.md
+  - Service Account: Service-Account.md  
+  - Synchronization: Synchronization.md  
   - Use-Case Examples: Use-Case-Examples.md
 - Deployment Guide:
   - Self-Hosting COMS: Self-Hosting-COMS.md