Secure the REST Connector
You can secure your REST connector by specifying a security policy and credential details.
- Configure Basic Auth Security
- Configure OAuth Security with Client Credential
- Configure OAuth Security with JWT Assertion
- Configure Security with OCI Signature Policy
Another way to secure your connector is to select a global credential defined by a Process Automation Administrator. See Use Global Credentials.
Configure Basic Auth Security
Basic authentication security provides a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with an Authorization header that contains the word Basic, followed by a space and the base64-encoded string username:password. The application or endpoint requires that users and services provide security credentials for access.
Configure OAuth Security with Client Credential
With the OAuth with Client Credential security policy, the client application uses its client ID and client secret to obtain access directly, without the resource owner’s intervention. The application or endpoint requires that users and services provide security credentials for access.
For an OAuth grant (client credential) flow, you have to know the client ID and client secret from the OAuth provider. For example, if you’re using an Oracle IDCS-based OAuth client, determine this information using the IDCS admin console.
See the Security, Authentication and Authorization section in REST API for Oracle Cloud Infrastructure Process Automation.
Configure OAuth Security with JWT Assertion
Configure your connector to use OAuth 2.0 to authenticate with your API.
See the Security, Authentication and Authorization section in REST API for Oracle Cloud Infrastructure Process Automation.
For an OAuth assertion grant (jwt-bearer) flow, you’ll need to:
- Generate a key pair
- Extract public and private keys from the key pair
- Obtain the public certificate’s x5t thumbprint
- Create a trusted OAuth client in the OAuth provider
See Quick Reference.
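The first three steps above, done with the OpenSSL command line, as an added example rather than Oracle's own procedure; the file names, certificate subject, key size and validity period are assumptions. The thumbprint is computed as RFC 7515 defines `x5t`: the base64url-encoded SHA-1 digest of the DER-encoded certificate, without padding.

```shell
#!/bin/sh
# Added example: file names, certificate subject, key size and validity are assumptions.
set -eu

# Steps 1-2: create an RSA key pair plus a self-signed certificate, then
# extract the public key. The subshell body keeps umask 077 local, so the
# private key is created readable by its owner only.
gen_keypair() (
  dir=$1
  umask 077
  # -nodes leaves the key unencrypted on disk; drop it to be prompted for a passphrase.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=rest-connector-jwt-example" \
    -keyout "$dir/private_key.pem" -out "$dir/cert.pem" 2>/dev/null
  openssl x509 -in "$dir/cert.pem" -pubkey -noout > "$dir/public_key.pem"
)

# Step 3: x5t = base64url( SHA-1( DER-encoded certificate ) ), no padding (RFC 7515).
x5t_thumbprint() {
  openssl x509 -in "$1" -outform DER \
    | openssl dgst -sha1 -binary \
    | openssl base64 -A \
    | tr '/+' '_-' | tr -d '=\n'
}

# Demo run in a throwaway directory that is removed afterwards.
workdir=$(mktemp -d)
gen_keypair "$workdir"
echo "x5t: $(x5t_thumbprint "$workdir/cert.pem")"
rm -rf "$workdir"
```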
To configure OAuth with JWT Assertion:
Configure Security with OCI Signature Policy
You can securely call Oracle Cloud Infrastructure (OCI) APIs using the OCI Signature security policy. This policy authenticates the service consumer (client), and ensures that communication between the OCI service and the service consumer happens in a secure manner.
In this policy, the client (who makes the HTTP request) uses an API key to encrypt the required header fields and content. The encrypted data is then added to the Authorization header in the HTTP request. Upon receiving such a request, the OCI service can verify that the request was made by an authentic user.
See Request Signatures in OCI documentation.
Prerequisites
Before you can configure a connector to use OCI Signature Policy, you must perform the following tasks:
- Get the user OCID and tenancy OCID. See Where to Get the Tenancy's OCID and User's OCID.
- Create an API signing key. See How to Generate an API Signing Key.
- Get the fingerprint of the key. See How to Get the Key's Fingerprint.
- Optionally, if you've generated the key with a passphrase, you need to obtain the passphrase.
Use Global Credentials
You may want to use a global credential that a Process Automation Administrator has already created in Workspace instead of creating application-specific credentials in Designer. The advantage of a global credential is that you can use the same credential in multiple process applications.
See About Credentials.
Only Process Automation Administrators can create global credentials from the Workspace Administration page. A Process Automation Administrator can also edit or delete global credentials in Workspace. See Manage Credentials in Workspace.
Note that any changes a Process Automation Administrator makes to a global credential will be applied to all connectors in which you use the global credential.
To use a global credential: