Use JSON Web Token for Authorization
JSON Web Token (JWT) is a compact token format that lets you authorize yourself. A JWT has the username and the expiration period for the token, and is passed by your client application to Oracle Applications Cloud REST APIs. Note that JWT is only a way to share username to the server, but not a way to authenticate the user. You get the JWT from your client application and it's a Base64url encoded value.
Here's a sample JWT token:
principal "User_Name"
expires_in 14400000
token_type "JWT"
access_token "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik9aOVBxbnotd0xraERLclQwSEhBVDFVWE1GQSIsImtpZCI6InRydXN0c2VydmljZSJ9.eyJleHAiOjE1NDkwMzEzMzcsInN1YiI6IlNBTEVTX0FETUlOIi
When passing a JWT in a REST client such as Postman, you must select the Authorization Type as Bearer Token and enter the token value in the Token field, as shown in this screenshot:
JWT is open source, and you can get a JWT in several ways. Alternatively, you can use any programmatic method to call REST APIs. For example, see topic How to Call RESTful Web Services from Groovy Scripts.