Authentication and Authorization

All client users accessing the OIPA APIs must be authenticated in addition to being authorized for data access and functional behavior. The users must be:

  • Authenticated: To identify the user validity
  • Authorized for data access: Have access to archived and retrieved data
  • Authorized for functional behavior: To perform Read and Create functions
  • OIPA for Archival and Retrival supports basic authentication.
  • Archival and Retrieval utility leverages an embedded micro-profile server Helidon MP (https://helidon.io).
To access the OIPA REST resources over HTTPS, provide the following information for authentication:
  • An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign CA certificate. Oracle Cloud uses a CA certificate issued by Verisign to enable clients to connect securely to the server. For more information, use cURL
  • The Authorization standard header to specify the OIPA account user with authorization to perform the operation in the specified identity domain. The value in the Authorization header depends on the type of authentication that you use to validate the user.