Use OCI IAM Authentication for Hosted Application Endpoints in OCI Generative AI

OCI Generative AI hosted application endpoints now support OCI IAM authentication.

When you create an application, you can select OCI IAM as the authentication type for requests to the application’s hosted deployment endpoint. With OCI IAM authentication, requests are signed using standard OCI request-signature authentication and authorized through OCI IAM policies. This option is available in addition to identity domain bearer token authentication.

For API workflows, use the new CreateHostedApplicationIam API to create an application that uses OCI IAM authentication. Continue to use the CreateHostedApplication API for identity domain bearer token authentication with an InboundAuthConfig.

Use OCI IAM authentication when your clients already use OCI SDKs, CLI, or other OCI request-signing flows, or when you want hosted application access to use standard OCI identity and policy controls.

On the Applications list page, you can use the Application type filter to narrow the list to applications that use the default identity domain bearer token authentication or OCI IAM authentication.

For information about hosted applications, see Hosted Applications and Deployments. To create an application with OCI IAM authentication, see Creating an application.