1. Administering Oracle Field Service
  2. Create an Application

Create an Application

If you want to call REST or SOAP APIs from a third-party application, you must register the third-party application by adding it on the Application page in Oracle Field Service.

  1. Click Configuration > Applications.
    The Applications page appears.
  2. Click the plus icon, add these details, and then click Submit:
    Field Name Description
    Application Name Name of the third-party application that you want to register.
    Application ID A unique ID of the application.
  3. On the Applications page, click the application that you want to register on the left pane and complete these fields:
    Field Name Description
    Application general info section
    Application Name Name of the third-party application that you want to register. This field is populated automatically.
    Application ID A unique ID for the application. This field is populated automatically.
    Active Status of the Application. Inactive Applications don't authenticate or authorize anyone. When you make an active Application inactive, previously-issued access tokens don't work.
    Token Service Type of token service or identity provider the Application uses. Default is OFSC.
  4. Select the authentication service using these fields:
    Field name Description
    Authentication settings section
    Authenticate using Client ID/ Client Secret Select this check box to authenticate the application using client ID and client secret. Click Show Client ID/Client secret to view the client ID and client secret.
    Client ID The client ID for the third-party application. This ID is automatically generated.
    Client Secret/Show Secret The client secret for the third-party application. This information is automatically generated.
    Authenticate using JWT assertion Select this check box to authenticate the application using JWT assertion.
    Authenticate using external access token Select this check box to authenticate the application using an external access token. This field is displayed if you select External for Token service.
    Client Certificate/Upload The certificate signed by the private key of the Application. If this is absent, you cannot use OAuth2 JWT Assertion authentication. Click Upload to upload the certificate.
  5. Select specific APIs for your application using these fields:
    Field name Description
    API Access section
    Add new Click to add new APIs. The Add API access dialog appears. Select the APIs you want to add and click Submit.
    Available methods The list of the API methods available for the corresponding API. Click the menu to modify the fields or methods and to remove access to the API.
    Available entities The list of entities that the users of the current Application have access to. This option is available only for Core API and Metadata API fields.
    Available resource fields/ Available activity fields/ Available inventory fields/ Available service requests fields/ Available user fields The list of the fields available for the corresponding API. Clicking this opens the layout structure, where you can select the fields that the users of the current Application will be able to use to set or update using the API. This page functions as a context layout structure where the fields and their visibilities are set.
    Remove access Removes access to this API. Users that have access to this Application cannot use the corresponding APIs anymore.
  6. Add any access restrictions using these fields:
    Field name Description
    Additional restrictions section:
    Visible resources The resources that are visible to the Application. The Application performs actions only on the resource tree nodes that are included in this setting. If no resources are specified, the Application has access to entire resource tree. Click the pencil icon to select the resources that are visible to this Application.
    Allow access only for certain IP addresses The IP addresses that can access the current application. Add the IP address in the box.
    Allow Cross-origin resource sharing (CORS) from these web domains The white-list of domains from which you can make AJAX requests to Oracle Field Service REST API. Enter each domain name on a separate line. These rules apply:

    • The maximum length of a domain names is 253 characters.

    • The maximum number of domain names you can add is 100.

    • No leading or trailing white space must be present in a domain name.

    • Wildcards or special characters are not supported.

    • A single asterisk “*” indicates that all domains are allowed.

    • Domain names that are added or modified take a few minutes to be populated across the application.
    This table describes how the Visible resources field works:
    Visibility restrictions Behavior
    Empty When a user is authenticated on behalf of this Application, their location in the resource tree is used for visibility restrictions. The Application cannot authorize itself, it can only authorize users.
    Present When a user is authenticated on behalf of this Application, an intersection (not union) of their location in the resource tree and the application visibility restrictions are used for visibility restrictions.