Generate and Use Access Tokens in REST API and CLI Payloads (Identity Domains)

If you want to create an Oracle Analytics Cloud instance programmatically, you must generate an access token that you can include in the payload for REST API or CLI create operations. Access tokens are set to expire after a certain time period so you might need to repeat this task for subsequent create operations. By default, access tokens are valid for one hour (3600 seconds).

Note:

These instructions are for tenancies that use identity domains. If your tenancy uses Oracle Identity Cloud Service (IDCS), see Generate and Use Access Tokens in REST API and CLI Payloads (IDCS).

You can generate access tokens using the Console or programmatically (using CLI or an API).

To generate access tokens from the Console:

  1. Sign in to your Oracle Cloud account as an administrator.
  2. In Oracle Cloud Infrastructure Console, navigate to Identity & Security, and click Domains.
  3. Click the name of the identity domain where you plan to create an Analytics instance, and click Integrated applications.
  4. Navigate to the application that you previously created to generate tokens. For example, Analytics_Token_App.
  5. Under Resources, click Access Token.
    Access token page
  6. Select Customized Scopes.
  7. Select Invokes identity domain APIs, and specify Me.
  8. Click Download token and save the tokens.tok file.

    tokens.tok contains the access token with the attribute name app_access_token.

  9. Open tokens.tok.

    For example:

    {"app_access_token":"eyJ4NXQjUzI...0jxcCw5oR0ajaNw"}
  10. Copy the access token value between the quotes. For example, the value eyJ4NXQjUzI...0jxcCw5oR0ajaNw.
  11. To create an Oracle Analytics Cloud instance with this access token, do one of the following:
    • REST API CreateAnalyticsInstance: Specify the token value in the parameter idcsAccessToken.
    • CLI analytics-instance create: Copy the token value to a file and specify the name of the file in the CLI parameter --idcs-access-token-file [filename].
To generate access tokens using an API or CLI:
  1. Generate the access token using an API or from the CLI. For example:
    curl 
    -X POST 
    -u "<client_id>:<client_secret>" 
    -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' 
    -d "grant_type=password" 
    -d "username=<user>" 
    -d "password=<password>" 
    -d 'scope=urn:opc:idm:t.user.me' 
    "https://<stripe>.identity.oraclecloud.com:443/oauth2/v1/token"

    Note:

    Navigate to your domain's information page to obtain the stripe associated with your domain. Click Show next to the Domain URL property to discover the stripe value.

    The command returns a JSON response similar to this:

    {"access_token":"eyJ4NXQjUzI...0jxcCw5oR0ajaNw","token_type":"Bearer","expires_in":3600}
    
  2. Copy the access token from the JSON. For example,eyJ4NXQjUzI...0jxcCw5oR0ajaNw.
  3. To create an Oracle Analytics Cloud instance with this access token, do one of the following:
    • REST API CreateAnalyticsInstance: Specify the token value in the parameter idcsAccessToken.
    • CLI analytics-instance create: Copy the token value to a file and specify the name of the file in the CLI parameter --idcs-access-token-file [filename].