Authorization
Only OAuth is supported, and only team members who have the Developer
role can access these APIs.
To use OAuth:
-
Obtain the team member app's client ID and secret. To get these values, click Instance Details on the Mobile Apps page in the UI.
-
Obtain the OAuth token endpoint. This endpoint is shown on all backend Settings pages. Note that this is the same value as oracle-identity-cloud-service-url
/oauth2/v1/token
. -
Base64 encode the clientID:clientSecret string.
-
Set the
Authorization
header toBasic
base64-encoded-client-id:client-secret. Replace base64-encoded-client-id:client-secret with the appropriate value. -
Set the
Content-Type
toapplication/x-www-form-urlencoded; charset=utf-8
. -
Set the request body to
grant_type=password&username=
username&password=
password&scope=
mobile-cloud-service-urlurn:opc:resource:consumer::all
. Replace username, password, and mobile-cloud-service-url with appropriate values. The user name and password must be URL encoded. Note that the Mobile Cloud Service URL is the same value as the base URL that is shown on all backend Settings pages. -
POST
the request to the OAuth token endpoint, as shown in this cURL example. Replace all variable placeholders with appropriate values.curl -i -H "Authorization: Basic <base64-encoded-client-id:client-secret-string>" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -d "grant_type=password&username=<username>&password=<password>&scope=<mobile-cloud-service-url>urn:opc:resource:consumer::all" --request POST <oauth-token-endpoint>
The response includes an
access_token
property, as shown in this example (the value foraccess_token
is a very long string, which is truncated in this example). Copy this token for the next step.{ ... "access_token": "eyJ4NXQjUzI1NiI6Ijg1a...SsqtmgzK1dFs", ... "token_type": "Bearer", ... }
-
When you make a request to the API, set the
Authorization
header toBearer
access_token.