Security

All resources are accessed in a secure environment. A dual-layer security involving authentication and authorization is employed to ensure a reliable and secure exchange of information.

Authentication

The policy supports a list of mechanisms that the client uses to send authentication credentials.

• Authentication with OAuth 2 (available in OCI (Gen 2) environments only). See Authentication with OAuth 2 - Only for OCI (Gen 2) Environments in REST API for Oracle Enterprise Performance Management Cloud

• Basic authentication over SSL (name and password) for this release. Single Sign-On (SSO) credentials are not supported. If your environment is on Gen 1 Oracle Cloud Infrastructure, use a username in the format identitydomain.username. If your environment is on Gen 2 Oracle Cloud Infrastructure, use username only (without identity domain). See Basic Authentication - for Classic and OCI (Gen 2) Environments in REST API for Oracle Enterprise Performance Management Cloud

• All HTTP requests to the Oracle Enterprise Data Management Cloud Service (EDMCS) REST API require authentication.

• Every HTTP request to EDMCS should supply either HTTP Basic Authentication credentials or an OAuth2 Bearer token through the Authorization header.

Authorization

Any user that has a role or permission to perform an operation in the user interface also has access to its corresponding REST resource. See Working with Roles and Permissions in Administering and Working with Oracle Enterprise Data Management Cloud.