Security, Authentication and Authorization
When you make HTTPS requests to Exadata Cloud Service REST API endpoints, you ensure secure, authenticated and authorized access by providing the following information:
-
An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign certificate authority (CA) certificate. (Oracle Cloud uses a CA certificate issued by Verisign to enable clients to connect securely to the server.)
-
The
X-ID-TENANT-NAME
custom header to specify the identity domain. -
The
Authorization
standard header to specify the user name and password of an Oracle Cloud user with authorization to perform the operation in the specified identity domain.
The X-ID-TENANT-NAME Header
When making a request to an Exadata Cloud Service REST API endpoint, you must specify an X-ID-TENANT-NAME
header whose value is the name of the identity domain to which the request applies; for example:
X-ID-TENANT-NAME: usexample
The specified value depends on the type of Exadata Cloud Service account that is used to make the request:
-
For a Traditional Cloud Account, specify the
Identity Domain Name
that is associated with the service. -
For a Cloud Account with Identity Cloud Service, specify the
Identity Service Id
that is associated with the service, which has the formatidcs-letters-and-numbers
.
The Identity Domain Name
or Identity Service Id
can be determined by examining the Overview tab of the Service Details page for Exadata Cloud Service in the My Services application.
The Authorization Header
When making a request to an Exadata Cloud Service REST API endpoint, you must specify an Authorization
header whose value contains the user name and password of an Oracle Cloud user with authorization to perform the requested operation in the specified identity domain. The value has the form:
Basic base64-encoded-username-colon-password
where base64-encoded-username-colon-password
is the user name and password, separated by a colon and encoded using Base64 encoding. For example, given the user name serviceadmin
and the password Pa55_word
, the string to encode would be serviceadmin:Pa55_word
and the resulting header would be:
Authorization: Basic c2VydmljZWFkbWluOlBhNTVfd29yZA==
Note:
Many client applications provide a method that creates this header for you. In cURL, for example, the -u
(--user
) option adds the Authorization
header to a request:
--user serviceadmin:Pa55_word
generates the same Authorization
header shown in the previous example.