Authenticate and Authorize

You can authenticate users or REST client applications using one of the following methods:

Note:

Oracle plans to disable Transport Layer Security (TLS) version 1.0. See Answer ID 8576 on Oracle Support for details on the effect of the functionality and the timelines for disabling TLS version 1.0 for your hosted infrastructure.

Passing Credentials in the URI

You can pass the credentials in the URI:

https://username:password@your_site_interface/services/rest/connect/v1.4

For example:

https://admin:PassWord@mysite.example.com/services/rest/connect/v1.4

Note:

Passing credentials in the URI isn't allowed on all sites or by all browsers.

Browser Authentication Dialog

If you send a request in a web browser without an Authorization header or credentials, then the browser displays a login prompt automatically for you to enter the user name and password.

Base64 Class

You might have to configure some clients for authentication. For example, in Java you can use the Base64 class:

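import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// url, username and password are supplied by the calling code.
URLConnection urlConnection = url.openConnection();
String authString = username + ":" + password;
// Base64-encode "username:password" with an explicit charset.
String authStringEnc = Base64.getEncoder().encodeToString(authString.getBytes(StandardCharsets.UTF_8));
urlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);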

Authorization Header

You can use an authorization header, with a base64-encoded string for a valid Oracle B2C Service staff account's user name and password, in the HTTP request to the URI.

In the February 2016 release of Oracle B2C Service, the following types of Authorization headers are supported:

  • Basic
  • Session
  • Bearer (OAuth)

Basic Authorization

For example, if the user agent uses Aladdin as the user name and open sesame as the password, then the field is formed as follows in the HTTP header:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Session Authorization

You can pass the Oracle B2C Service session token in the Authorization header, for example:

Authorization: Session K3l3yDR2bDDVpH4yX1nnKnRXRD5BYc2HNIxsa

OAuth Authorization

You can pass an OAuth token, supplied by an external identity provider (IdP), in the Authorization header.

For example:

Authorization: Bearer <OAuth token>

For more information, see Use OAuth Authorization to Access the Connect REST API.
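
The following Python sketch is an added example, not Oracle's code. It builds the three Authorization header types listed above and moves credentials out of a URI into a Basic header, so that the URL a client stores or logs no longer contains the password. The function names are hypothetical. decode_basic shows that a Basic value is reversible without a key, which is why the sketch refuses any scheme other than HTTPS.

```python
import base64
from urllib.parse import unquote, urlsplit, urlunsplit


def basic_value(username, password):
    """Build the Basic header value: base64 of 'username:password'."""
    if ":" in username:
        raise ValueError("user name must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(value):
    """Recover (username, password) from a Basic value; no key is needed."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization value")
    text = base64.b64decode(encoded, validate=True).decode("utf-8")
    username, _, password = text.partition(":")
    return username, password


def token_value(scheme, token):
    """Build a Session or Bearer value from a token obtained elsewhere."""
    if scheme not in ("Session", "Bearer"):
        raise ValueError("scheme must be Session or Bearer")
    if not token or any(ch.isspace() for ch in token):
        # Whitespace or CR/LF would break the header line.
        raise ValueError("token must be one non-empty run of characters")
    return f"{scheme} {token}"


def move_uri_credentials(url):
    """Strip user:password@ from a URI; return (clean_url, headers)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send credentials without HTTPS")
    headers = {}
    if parts.username is not None:
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        headers["Authorization"] = basic_value(user, password)
    host = parts.netloc.rpartition("@")[2]  # keep host[:port], drop userinfo
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, headers
```

Pass the returned URL and headers to whichever HTTP client you use; nothing in the sketch opens a network connection.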