1. MySQL Cloud Service REST APIREST API for MySQL Cloud Service
  2. Authentication

Authentication

In order to use the Oracle MySQL Cloud Service REST API, you must provide valid Oracle Cloud credentials along with an identity domain.

You must have a valid Oracle Cloud account with MySQL Cloud Service subscription. Optionally, an Oracle Cloud Service can be set up and used to store backups on cloud storage.

MySQL Cloud Service uses a certificate authority (CA) certificate, issued by Verisign, to enable clients to connect securely to the server.

Note:

Ensure that you have the appropriate log-in credentials for creating, managing, and deleting MySQL Cloud Service instances, as described in the Quick Start guide

You provide credentials to the REST endpoints as HTTP request headers, and access the REST endpoints over HTTPS to ensure that these credentials are not visible to third parties. Specifically you must provide this information:

  • An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign CA certificate. Oracle Cloud uses a CA certificate issued by Verisign to enable clients to connect securely to the server.

  • The standard Authorization header, which specifies the MySQL Cloud Service user name and password. The user name and password can be separated by a colon and encoded using Base64 encoding.

  • A custom header, X-ID-TENANT-NAME, that identifies the MySQL Cloud Service identity domain for this user. This identity domain is typically also part of the endpoint URL.

    If your administrator has changed the identity domain ID to a user-friendly name, you must still specify the identity domain ID when using the REST API. For example, if the original identity domain name was MyIdentityDomain54321 and it was changed to MyIdentityDomain, you must use MyIdentityDomain54321 in the REST endpoints.

    On accounts that are integrated with Oracle Identity Cloud Service, the identity domain ID is the Identity Cloud Service tenant name. This tenant name begins with the characters idcs-followed by a string of number and letters (for example, idcs-98888f7964454b658ac6d2f625b29030)

For example, to authenticate using cURL:

  • Use the -u option to set the MySQL Cloud Service user name and password, which cURL uses to create the Authorization header.

  • Use the -H option to set the X-ID-TENANT-NAME custom request header.

  • When running cURL from a Windows command shell only, set the cURL environment variable, CURL_CA_BUNDLE, to the location of an SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign CA certificate. Alternatively, you can specify the location of your local CA certificate bundle on the command line, using the --cacert command line option.

    You can download an SSL CA certificate bundle from http://curl.haxx.se/docs/caextract.html or provide your own. For information about CA certificate verification using cURL, see: http://curl.haxx.se/docs/sslcerts.html.

The following cURL command examples retrieve the details of the ExampleService service instance. 

curl -i -X GET -u username:password -H "X-ID-TENANT-NAME:ExampleIdentityDomain" https://rest_server_url/paas/api/v1.1/instancemgmt/ExampleIdentityDomain/services/jaas/instances/ExampleService

Note: The command in the example uses the URL structure https://rest_server_url/resource-path, where rest_server_url is the REST server to contact for your identity domain or Cloud Account. See Send Requests.