Authorization
To use Basic Authorization:
-
Gather the following information:
-
The backend ID for the backend through which you want to send the request. This is shown in the UI on the backend's Settings page.
-
If you are using anonymous access, the anonymous key, which is shown on the backend's Settings page.
-
If you aren't using anonymous access, the user name and password. See the operation's permissions section in this document to determine whether the user must be a mobile user or a team member.
-
-
Set the
Authorization
header.-
If you are using anonymous access, then set the header to
Basic
anonymous-key. -
If you are aren't using anonymous access, then set the header to
Basic
base64-encoded-username:password.
-
-
Set the
Oracle-Mobile-Backend-ID
header to the value that you got from the Settings page.
To use OAuth Authorization:
-
Gather the following information:
-
The base URL, OAuth token endpoint, client ID, and client secret for the backend through which you want to send the request. These are shown in the UI on the backend's Settings page.
-
If you aren't using anonymous access, the user name and password. See the operation's permissions section in this document to determine whether the user must be a mobile user or a team member.
-
-
Base64 encode the clientID:clientSecret string.
-
Set the
Authorization
header toBasic
base64-encoded-client-id:client-secret. Replace base64-encoded-client-id:client-secret with the appropriate value. -
Set the
Content-Type
toapplication/x-www-form-urlencoded; charset=utf-8
. -
Set the request body to the appropriate grant type and include the scope:
-
For anonymous access, use
grant_type=client_credentials&scope=
baseURLurn:opc:resource:consumer::all
. -
Otherwise, use
grant_type=password&username=
username&password=
password&scope=
baseURLurn:opc:resource:consumer::all
. The user name and password must be URL encoded.
-
-
POST
the request to the OAuth token endpoint as shown in this cURL example:curl -i -H "Authorization: Basic <base64-encoded-client-id:client-secret>" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -d "grant_type=client_credentials&scope=<baseURL>urn:opc:resource:consumer::all" --request POST <oauth-token-endpoint>
The response includes an
access_token
property, as shown in this example (the value foraccess_token
is a very long string, which is truncated in this example). Copy this token for the next step.{ ... "access_token": "eyJ4NXQjUzI1NiI6Ijg1a...SsqtmgzK1dFs", ... "token_type": "Bearer", ... }
-
When you send a request to the API, set the
Authorization
header toBearer
access_token.
To learn about the other ways in which you can authorize requests to the APIs, such as social-user authorization, see Authentication in OMCe in Developing Applications with Oracle Mobile Cloud, Enterprise.