Authenticate
HTTP provides a user authentication framework for controlling access to protected resources. The Oracle Visual Builder REST API supports bearer or token authentication, which is performed by sending security tokens in the authorization header. A bearer token is a string that is not intended to be used by clients.
- Use the VB token generation API to return a access token in the response by passing a set of valid IDCS/OCI IAM users credentials (username/password) in the payload.
- Use the IDCS/OCI IAM console to get a token for the logged-in user for the VB
scope. For this, you need a trusted application in IDCS/OCI IAM that has the
Visual Builder instance scope added to it.
To add the Visual Builder instance scope, navigate to the token issuance policy section for the trusted application and add the resource/scope that corresponds to the Visual Builder instance. See Configuring OAuth.
To generate the access token, follow the steps in Generating an Access Token.
- You can also get the OAuth token from the Designer interface. Go to
App Settings and look under Business
Objects.
The client needs to send this token back to the server in every authorization header when it requests protected resources.
The bearer token is sent in the cURL request header. To pass the bearer token in the curl
command's authorization header, add the -H "Authorization: Bearer
{token}" command line parameter when executing the curl request. This
sends the token to the server. If you don't send the token this way, you will encounter
an HTTP Status 401 error, which means that you are not authorized to make the call.
The example curl command below shows the format you use with the authorization header and a POST request.
curl -X POST https://myinstance.com/ic/builder/<resource-path>
-H "Authorization: Bearer {token}"
-d "[post data]"