Web Services Reference for Oracle Billing Insight > Customizing RESTful Resources > About Authentication and Authorization >

About Authentication With Web Services

To invoke Oracle Billing Insight Web services to create, read, update or delete (CRUD) business objects, the caller must be authenticated as a registered user. The Oracle Billing Insight REST services server authenticates REST service users in the same way as users who log in using the Oracle Billing Insight Web application. Once a user is authenticated, the REST services server returns a token to the client. The client must add an HTTP header with the attribute name ebrstoken and add the value of the returned token to each REST services request. For example, in the Jersey client, you can use the WebResource.Builder.header(name,value) method to add the ebrstoken name and the token value to the HTTP header.

The token has an expiration period. The default period is 20 minutes. The default string token has a length of 48. You can optionally change both the string length and duration of the token in the webservice.xma.xml file, located in the following directory:

• UNIX. EDX_HOME/xma/config/modules/webservice
• Windows. EDX_HOME\xma\config\modules\webservice

Change the property values in the IWebserviceAuthTokenProvider bean.

By default, Oracle Billing Insight uses its preconfigured authentication provider to authenticate users. You can use a different authentication provider, such as an external system. For information on how to customize Oracle Billing Insight to use a different authentication server, see Implementation Guide for Oracle Billing Insight.