Oracle CPQ Cloud Service user access restrictions apply to REST calls. If a user cannot perform an operation within the Oracle CPQ Cloud Service user interface due to any type of user access restriction, the user will not be able to perform the operation via a REST call.

Authentication does not need to be added to a REST call if you have an active Oracle CPQ Cloud Service session. If you do not have an active Oracle CPQ Cloud Service session, authentication must be performed through an Authorization Header in the REST call that adheres to HTTP Basic authentication standards and contains valid Oracle CPQ Cloud Service credentials.

HTTP Basic Authentication

When using HTTP Basic authentication standards, the Authorization Header must contain Base64-encoded Oracle CPQ Cloud Service credentials (username:password) for the site being called.

For example, the Authorization Header below contains username:password Base64-encoded:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQg