Configure the REST Adapter to Consume a REST API Protected with OAuth 1.0a One-Legged Authentication

This section provides an overview of the OAuth 1.0a One-Legged Authentication security policy in the Connections page. This protocol enables web sites or applications (consumers) to access protected resources from a web service (a service provider) through an API without requiring you to disclose your service provider credentials to consumers.


No customization is required in this policy. This is a standard OAuth policy unlike custom 2-legged and custom 3-legged OAuth policies.
You can use this security policy with service providers such as the following:
  • Oracle NetSuite can expose restlets as REST APIs that are protected by OAuth 1.0 One-Legged Authentication. For example:

    You must be a member of Oracle NetSuite to access this restlet.

    This restlet returns a greeting in HTML.

  • Twitter accounts can be protected by OAuth 1.0a One-Legged Authentication.

Configure the following fields on the Credentials dialog of the Connections page. These credentials are provided by the service provider (Oracle NetSuite or Twitter).

Description of rest_adpt_one_auth2.png follows
Description of the illustration rest_adpt_one_auth2.png

Description of rest_adpt_one_auth.png follows
Description of the illustration rest_adpt_one_auth.png
  • Consumer Key — Specify the key that identifies the client making the request.

  • Consumer Secret — Specify the consumer secret that authorizes the client making the request.

  • Confirm Consumer Secret — Specify the secret a second time.

  • Token — Specify the token that accesses the protected resource.

  • Token Secret — Specify the token secret that generates the signature for the request.

  • Confirm Token Secret — Specify the secret a second time.

  • Realm — Specify the realm that identifies the account.