This article describes how to run in Pega, a model built on the Google AI platform.

This article assumes that a model has already been built (and deployed) in Google Cloud Platform (GCP) and is available by using Google's discovery API.

Create an Authentication Profile

We first create an Authentication Profile, which provides the connection details from Pega to GCP. We use this authentication profile in Prediction Studio to connect to the model and execute it.

You will need the JSON file that you downloaded when creating a service profile. This file contains all the necessary information to connect to GCP. Open the JSON file in a text editor of your choice, for example, TextEdit on a macOS or Notepad on a Windows machine (in TextEdit make sure to use plain text mode, that you can find under the Format menu). Keep it on the side. Make sure not to make any changes to it!

Create a KeyStore rule

You need to put the authentication key in the Java KeyStore as a first step.

Open the JSON file and locate the section starting with "private key". Copy the section from -----BEGIN PRIVATE KEY----- until -----END PRIVATE KEY----- into a new file called "key.txt."

The figure below is showing how the resulting file should look now:

On macOS, the file may contain a lot of \n symbols and may show as an irregular bunch of lines, not the neat code block. You can replace the \n characters with proper new lines in the text editor. Alternatively, do it from the command line using the following sequence:

1cat key.txt | sed -e 's/\\n/\'$'\n/g' > key2.txt
2mv key2.txt key.txt

Next, run the following commands to complete the creation of a Java KeyStore. The first OpenSSL command will ask you a lot of questions (including country, phone number, etc.). You can just hit Enter to accept the defaults, except for the password question. Choose a password for the certificate. Use the same password to replace <PASSWORD> below:

1openssl req -new -key key.txt -out server.csr
2openssl x509 -req -days 365 -in server.csr -signkey key.txt -out server.crt
3cat key.txt server.crt > server.pem
4openssl pkcs12 -export -inkey key.txt -in server.crt -passout pass:<PASSWORD> -out keystore.pkcs12

Now you have to put the certificate in a Java KeyStore using the keytool utility. The first time it will ask you for another password - this is the password for the Java KeyStore (the .jks file). You will need to remember it, because it will be needed later on. It will then ask for the password of the certificate - this is the <PASSWORD> from the previous section. The Java KeyStore is just a file, like in the following example the "wso2carbon.jks" file:

keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS

If all is well, you will see the following message:

Now, in Pega, create a KeyStore rule (in the Security category), give it any name and upload the wso2carbon.jks file you just created. Choose Upload file and JKS as the keystore type. In the password, enter the keystore password (so not the certificate password, but the password you used when using keytool). Do not check the Provide password by reference in clear text checkbox. As in the figure below:

Create a OAuth provider rule

Now create an OAuth 2.0 Provider rule - also under Security category. You can name it however you want.

Fill in the fields with the following information: Grant type: Authorization code. Authorization code: https://accounts.google.com/o/oauth2/auth Access token endpoint: https://oauth2.googleapis.com/token Select the KeyStore rule you created in the previous step.

Create an Authentication Profile rule

The last rule you need to create is an Authentication Profile. Again this is in the Security category. For this you will need to refer to the JSON file you obtained from the GCP service profile.

Select the OAuth2 authentication profile and create a rule Select the OAuth provider created in the previous step Grant type: Authorization code For the identifier, use the number in the client_id in the JSON file. For the secret, use the private_key_id from the JSON file.

Now expand the Additional endpoint parameters and enter 5 additional parameters. Take the values from the corresponding entries in the JSON file:

project_id type client_email auth_provider_x509_cert_url client_x509_cert_url

Create a Machine Learning Service

Now switch to Prediction Studio and create a Machine Learning Service for GCP. This service is essential, because not all authentication profiles necessarily relate to Machine Learning Services. The ML Services in Prediction Studio lists just those authentication profiles that are ML Services.

1. In Prediction Studio, select Settings and create a Machine Learning Service.
2. Click Create.
3. Select the Google picture and enter a name (for example, "My Google Service"), and then select the authentication profile you created earlier.

Create a Google model and execute it

Now you need to create a Pega predictive model rule that refers to your model in GCP.

• In the Predictions overview (with all the tiles), click New, select Predictive Model and select External Model. Enter a name and select the machine learning service.
• Now select your model from the list of models and click Next.

• On the next screen enter the objective of the model and select the model type as shown in the figure below:

• Enter the expected performance and other mandatory fields. For binary model: the positives and negatives. For continuous model: the range, etc.
• Click Import.
• Navigate to Input mapping tab and upload a valid JSON that has the model inputs defined in it. In this example,you can use the attached modelContract.json file:

• Then map all input fields to properties in Pega: (in this example, first create a parameter called ContractEndMonths):

• Click on Run to execute the model and get the prediction results by providing the same inputs that were used in Google API explorer. You should get exactly the same outputs.

Related content

For more information, see Supported Google AI Platform models