1. Oracle Database Cloud Exadata Service REST APIREST API for Oracle Database Exadata Cloud at Customer (Gen 1/OCI-C)
  2. Security, Authentication and Authorization

Security, Authentication and Authorization

When you make HTTPS requests to Exadata Cloud at Customer REST API endpoints, you ensure secure, authenticated and authorized access by providing the following information:

  • An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign certificate authority (CA) certificate. (Oracle Cloud uses a CA certificate issued by Verisign to enable clients to connect securely to the server.)

  • The X-ID-TENANT-NAME custom header to specify the identity domain.

  • The Authorization standard header to specify the user name and password of an Oracle Cloud user with authorization to perform the operation in the specified identity domain.

The X-ID-TENANT-NAME Header

When making a request to an Exadata Cloud at Customer REST API endpoint, you must specify an X-ID-TENANT-NAME header whose value is the name of the identity domain to which the request applies; for example: 

X-ID-TENANT-NAME: idcs-6572bfeb183b4becad9e649bfa14a488

The specified value depends on the type of Exadata Cloud at Customer account that is used to make the request:

  • For a Traditional Cloud Account, specify the Identity Domain Name that is associated with the service. This is the same as the identity domain value that you specify when connecting to My Services. It is also displayed near the top of the My Services dashboard.

  • For a Cloud Account with Identity Cloud Service, specify the Oracle Identity Cloud Service tenant name that is associated with the service. This is a character string beginning with idcs-. See Find Your Oracle Identity Cloud Service Tenant Name

The Authorization Header

When making a request to an Exadata Cloud at Customer REST API endpoint, you must specify an Authorization header whose value contains the user name and password of an Oracle Cloud user with authorization to perform the requested operation in the specified identity domain. The value has the form: 

Basic base64-encoded-username-colon-password

where base64-encoded-username-colon-password is the user name and password, separated by a colon and encoded using Base64 encoding. For example, given the user name serviceadmin and the password Pa55_word, the string to encode would be serviceadmin:Pa55_word and the resulting header would be: 

Authorization: Basic c2VydmljZWFkbWluOlBhNTVfd29yZA==

Note:

Many client applications provide a method that creates this header for you. In cURL, for example, the -u (--user) option adds the Authorization header to a request: 

--user serviceadmin:Pa55_word

generates the same Authorization header shown in the previous example.