Developer APIs: Control User and Client System Access

On This Page

Access at a Glance

Area	More information
People and systems that need access
Authentication method: Several, depending on the API	The APIs have different authentication methods: Developer API for Oracle Integration 3: OAuth 2.0 token, obtained on behalf of a user or cloud application. Integration endpoints: Determined by the adapter that builds the API. The adapter that you use as the trigger for an integration builds the integration endpoint.
Authorization methods: Service roles	The APIs have different authorization methods: Developer API for Oracle Integration 3 and integration endpoints: Oracle Integration service roles. See Oracle Integration 3 Service Roles in Provisioning and Administering Oracle Integration 3. Developer API for Process Automation: Process Automation roles and process application roles: Process Automation roles provide functional security. See Process Automation Roles in Administering Oracle Cloud Infrastructure Process Automation. Process Automation roles control access to the administration and designer APIs. Process application roles provide data security. See About Process Application Roles in Using Oracle Cloud Infrastructure Process Automation. Process application roles control access to the runtime APIs. The following list identifies the administration, designer, and runtime APIs in the Developer API for Process Automation: Credentials: Administration APIs Decision Applications: Designer APIs Decisions: Runtime APIs Dynamic Processes: Runtime APIs Process Applications: Designer APIs Processes: Runtime APIs Roles: Administration APIs User Configurations: Runtime APIs User Tasks: Runtime APIs In some situations, users have implicit access to resources, regardless of their roles. For instance: A task's assignee, candidate, and creator have implicit view access to a task. The creator of an instance has implicit view access for the instance. The Process Application Administrator role has irrevocable manage permission of all process applications. A user's access is a combination of their assigned roles and their implicit permissions. Developer API for File Server: For details about this API's authorization methods, see File Server: Control User and Client System Access.

Area

More information

People and systems that need access

Instance users Client systems

Authentication method:

Several, depending on the API

The APIs have different authentication methods:

Developer API for Oracle Integration 3: OAuth 2.0 token, obtained on behalf of a user or cloud application.
Integration endpoints: Determined by the adapter that builds the API. The adapter that you use as the trigger for an integration builds the integration endpoint.

Authorization methods:

Service roles

The APIs have different authorization methods:

Developer API for Oracle Integration 3 and integration endpoints: Oracle Integration service roles.

See Oracle Integration 3 Service Roles in Provisioning and Administering Oracle Integration 3.
Developer API for Process Automation: Process Automation roles and process application roles:
- Process Automation roles provide functional security. See Process Automation Roles in Administering Oracle Cloud Infrastructure Process Automation.
  
  Process Automation roles control access to the administration and designer APIs.
- Process application roles provide data security. See About Process Application Roles in Using Oracle Cloud Infrastructure Process Automation.
  
  Process application roles control access to the runtime APIs.
The following list identifies the administration, designer, and runtime APIs in the Developer API for Process Automation:
- Credentials: Administration APIs
- Decision Applications: Designer APIs
- Decisions: Runtime APIs
- Dynamic Processes: Runtime APIs
- Process Applications: Designer APIs
- Processes: Runtime APIs
- Roles: Administration APIs
- User Configurations: Runtime APIs
- User Tasks: Runtime APIs
In some situations, users have implicit access to resources, regardless of their roles. For instance:
- A task's assignee, candidate, and creator have implicit view access to a task.
- The creator of an instance has implicit view access for the instance.
- The Process Application Administrator role has irrevocable manage permission of all process applications.
A user's access is a combination of their assigned roles and their implicit permissions.
Developer API for File Server: For details about this API's authorization methods, see File Server: Control User and Client System Access.

How to Control Access

Security goal	Owner	More information
Create an OAuth client application with the appropriate scopes so that the client can access the API		Follow the guidance for the API that you need to access: Developer API for Oracle Integration 3 See Use OAuth 2.0 in Oracle Integration in Using Integrations in Oracle Integration 3. Developer API for Process Automation See Security, Authentication and Authorization in Developer API for Oracle Cloud Infrastructure Process Automation. Developer API for File Server See OAuth Authentication in Oracle Integration for File Server in Developer API for File Server in Oracle Integration 3. Integration endpoints Oracle provides a guide for using each adapter. See Configure Connection Properties in Using Integrations in Oracle Integration 3 for links to all adapter guides.
Provision the users who need to access the REST APIs		If your tenancy uses identity domains, see Workflow for Access in an Identity Domain in Provisioning and Administering Oracle Integration 3. If your tenancy doesn't use identity domains, see Workflow for Access Without an Identity Domain in Provisioning and Administering Oracle Integration 3. If any users must access the customer-built-APIs, assign them the ServiceInvoker role.

Security goal

Owner

More information

Create an OAuth client application with the appropriate scopes so that the client can access the API

Oracle Cloud Infrastructure tenant and domain administrator

Follow the guidance for the API that you need to access:

Developer API for Oracle Integration 3

See Use OAuth 2.0 in Oracle Integration in Using Integrations in Oracle Integration 3.
Developer API for Process Automation

See Security, Authentication and Authorization in Developer API for Oracle Cloud Infrastructure Process Automation.
Developer API for File Server

See OAuth Authentication in Oracle Integration for File Server in Developer API for File Server in Oracle Integration 3.
Integration endpoints

Oracle provides a guide for using each adapter. See Configure Connection Properties in Using Integrations in Oracle Integration 3 for links to all adapter guides.

Provision the users who need to access the REST APIs

Oracle Cloud Infrastructure tenant and domain administrator

If your tenancy uses identity domains, see Workflow for Access in an Identity Domain in Provisioning and Administering Oracle Integration 3.
If your tenancy doesn't use identity domains, see Workflow for Access Without an Identity Domain in Provisioning and Administering Oracle Integration 3.

If any users must access the customer-built-APIs, assign them the ServiceInvoker role.

Note:

Instance users, typically integration developers, are responsible for configuring connections to integration endpoints. Afterward, the developer uses the connection in an integration, finalizes the integration, and activates the integration. When the integration runs, Oracle Integration exposes the integration endpoints. These integration endpoints follow the authentication for the adapter upon which the connection is based. Each adapter supports different authentication patterns. Oracle provides a guide for using each adapter. See Available Adapters for Connections in Using Integrations in Oracle Integration 3 for links to all adapter guides.