Invoke an Application's REST Endpoint with OAuth

When you configure an invoke connection in an integration, you can use OAuth to securely invoke the REST API of an external application. Here's a summary of what you need to configure to use OAuth with REST invoke connections in an integration.

When an integration invokes the endpoint of an external application, Oracle Integration requests access from the authorization server for the external application. Once access is granted, Oracle Integration accesses the REST endpoint, authenticates with the external authorization server, and invokes the application.

When an integration invokes the REST endpoint of an external application, Oracle Integration requests access from the authorization server for the external application. Once access is granted, Oracle Integration accesses the REST endpoint, authenticates with the external authorization server, and invokes the application.

Configuration Summary

Is OAuth required?	Supported grant types	Required roles
No. You can use other authentication types supported by the external application.	For supported grant types for REST Adapter invoke connections, see Authentication Types.	The role required depends on the endpoint that you are calling. If you are calling an Oracle Integration endpoint, such as an Oracle Integration Developer API or the endpoint within an integration, you will need to assign Oracle Integration roles to the client application such as ServiceInvoker, ServiceUser, or ServiceDeveloper, ServiceUser is the minimum role required to call the Developer APIs. This user has access to the Oracle Integration Console as well as the APIs. Assign the ServiceUser role in most cases. ServiceDeveloper is required if you're invoking the Developer APIs from within an integration or you're using the APIs to perform create operations such as creating lookups or importing an integration. Use ServiceInvoker if you only need to invoke an integration's endpoints and will not be making any calls to the Oracle Integration Developer APIs. For detailed information on each role, see What Users Can Do in the Integrations Design Section by Role. If you want to use the same confidential application for calling the Oracle Integration Developer APIs and integration endpoints, use the ServiceUser or ServiceDeveloper role. If you are calling an external endpoint, the role you assign depends on the external application requirements.

Is OAuth required?

Supported grant types

Required roles

No. You can use other authentication types supported by the external application.

For supported grant types for REST Adapter invoke connections, see Authentication Types.

The role required depends on the endpoint that you are calling. If you are calling an Oracle Integration endpoint, such as an Oracle Integration Developer API or the endpoint within an integration, you will need to assign Oracle Integration roles to the client application such as ServiceInvoker, ServiceUser, or ServiceDeveloper,

ServiceUser is the minimum role required to call the Developer APIs. This user has access to the Oracle Integration Console as well as the APIs. Assign the ServiceUser role in most cases.
ServiceDeveloper is required if you're invoking the Developer APIs from within an integration or you're using the APIs to perform create operations such as creating lookups or importing an integration.
Use ServiceInvoker if you only need to invoke an integration's endpoints and will not be making any calls to the Oracle Integration Developer APIs.

For detailed information on each role, see What Users Can Do in the Integrations Design Section by Role.

If you want to use the same confidential application for calling the Oracle Integration Developer APIs and integration endpoints, use the ServiceUser or ServiceDeveloper role.

If you are calling an external endpoint, the role you assign depends on the external application requirements.

Configuration Steps

Steps to use OAuth with the REST Adapter and invoke connections:

If you are invoking Oracle Integration Developer APIs or the endpoint of an integration, complete this step. Otherwise, skip this step and go to step 2.
1. Create the confidential client application, assign scopes and roles, and activate it:
  1. Access the Identity Domain.
  2. Configure prerequisites for your grant type:
Create a REST Adapter connection.
Add the REST Adapter as an invoke connection to an integration.