Authorization

To use Basic Authorization:

  1. Gather the following information:

    • The backend ID for the backend through which you want to send the request. This is shown in the UI on the backend's Settings page.

    • If you are using anonymous access, the anonymous key, which is shown on the backend's Settings page.

    • If you aren't using anonymous access, the user name and password. See the operation's permissions section in this document to determine whether the user must be a mobile user or a team member.

  2. Set the Authorization header.

    • If you are using anonymous access, then set the header to Basic anonymous-key.

    • If you aren't using anonymous access, then set the header to Basic base64-encoded-username:password.

  3. Set the Oracle-Mobile-Backend-ID header to the value that you got from the Settings page.

To use OAuth Authorization:

  1. Gather the following information:

    • The base URL, OAuth token endpoint, client ID, and client secret for the backend through which you want to send the request. These are shown in the UI on the backend's Settings page.

    • If you aren't using anonymous access, the user name and password. See the operation's permissions section in this document to determine whether the user must be a mobile user or a team member.

  2. Base64 encode the clientID:clientSecret string.

  3. Set the Authorization header to Basic base64-encoded-client-id:client-secret. Replace base64-encoded-client-id:client-secret with the appropriate value.

  4. Set the Content-Type to application/x-www-form-urlencoded; charset=utf-8.

  5. Set the request body to the appropriate grant type and include the scope, replacing baseURL with the backend's base URL:

    • For anonymous access, use grant_type=client_credentials&scope=baseURLurn:opc:resource:consumer::all.

    • Otherwise, use grant_type=password&username=username&password=password&scope=baseURLurn:opc:resource:consumer::all. The user name and password must be URL encoded.

  6. POST the request to the OAuth token endpoint as shown in this cURL example:

    curl -i -H "Authorization: Basic <base64-encoded-client-id:client-secret>" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -d "grant_type=client_credentials&scope=<baseURL>urn:opc:resource:consumer::all" --request POST <oauth-token-endpoint>

    The response includes an access_token property, as shown in this example (the value for access_token is a very long string, which is truncated in this example). Copy this token for the next step.

    { ...
      "access_token": "eyJ4NXQjUzI1NiI6Ijg1a...SsqtmgzK1dFs",
      ...
      "token_type": "Bearer", 
      ... 
    }

  7. When you send a request to the API, set the Authorization header to Bearer access_token.
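
The header and body construction from both procedures above, as an added Python example that is not part of the original documentation. The function names and every sample value are constructed for illustration, and nothing is sent over the network.

```python
import base64
from urllib.parse import quote

SCOPE_SUFFIX = "urn:opc:resource:consumer::all"  # scope suffix given on this page


def basic_value(user, secret):
    """Return 'Basic <base64(user:secret)>'. Base64 is an encoding, not encryption."""
    raw = f"{user}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def basic_auth_headers(backend_id, anonymous_key=None, username=None, password=None):
    """Headers for Basic Authorization (steps 2 and 3 of the first procedure)."""
    if anonymous_key is not None:
        auth = "Basic " + anonymous_key  # key used as shown on the Settings page
    elif username is not None and password is not None:
        auth = basic_value(username, password)
    else:
        raise ValueError("need an anonymous key or a user name and password")
    return {"Authorization": auth, "Oracle-Mobile-Backend-ID": backend_id}


def token_request(base_url, client_id, client_secret, username=None, password=None):
    """Headers and body for the POST to the OAuth token endpoint (steps 2 to 5)."""
    headers = {
        "Authorization": basic_value(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
    }
    scope = base_url + SCOPE_SUFFIX  # concatenated directly, as the page shows
    if username is None:
        body = f"grant_type=client_credentials&scope={scope}"
    else:
        # Percent-encode every reserved character so '&', '=' or '+' inside a
        # credential cannot split or alter the form fields.
        body = (f"grant_type=password&username={quote(username, safe='')}"
                f"&password={quote(password, safe='')}&scope={scope}")
    return headers, body


def bearer_header(access_token):
    """Step 7: header for API calls, using access_token from the token response."""
    return {"Authorization": "Bearer " + access_token}


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real backend.
    hdrs, body = token_request("https://backend.example.invalid:443", "client-id",
                               "client-secret", "jo@example.com", "p&ss=w+rd 1")
    print(hdrs["Authorization"])
    print(body)
```

The password `p&ss=w+rd 1` in the sample would be read as extra form fields if it were placed in the body unencoded, which is why step 5 requires URL encoding.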

To learn about the other ways in which you can authorize requests to the APIs, such as social-user authorization, see Authentication in OMCe in Developing Applications with Oracle Mobile Cloud, Enterprise.