Use JSON Web Token for Authorization

JSON Web Token (JWT) is a compact token format that lets you authorize yourself. A JWT has the user name and the expiration period for the token, and is passed by your client application to Oracle Fusion Cloud HCM REST APIs. Note that JWT is only a way to share the user name to the server, but not a way to authenticate the user. You get the JWT from your client application and it's a Base64url encoded value.

Here's a sample response with an access token.

principal    "User_Name"
expires_in    14400000
token_type    "JWT"
access_token    "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik9aOVBxbnotd0xraERLclQwSEhBVDFVWE1GQSIsImtpZCI6InRydXN0c2VydmljZSJ9.eyJleHAiOjE1NDkwMzEzMzcsInN1YiI6IlNBTEVTX0FETUlOIi
wiaXNzIjoid3d3Lm9yYWNsZS5jb20iLCJwcm4iOiJTQUxFU19BRE1JTiIsImlhdCI6MTU0OTAxNjkzN30.iyehNURzZ6drKwrZ30wLMgjWZvNHjtPquB4OqY1URrjb7h_rbaSXyGHVjF83unThl4P9YDc2soTaTtyBTsEdnjHdbmhyTyNeJsaX
iyId9kQRc8aY7FKjc_KN0B4W4ehiZDz_C5Ju0Wj0Zbnws5ps0neBekKaBjz_QQOGKwpHPxcvJff4MqsCeLPZd3e7SdjY3mcOizkfaQergQY--pEYeGPqzmTaz_oTtDKrkG3DatRrWOPnlb4-I6TsYI9ccVxVshZMfhf9O0vP54SvDMfb56Vl3
FP-idskXXYoVVa0artLDE-0_npE0tGZdK-EvHmcyLcJsE7hvv2QnfDFnng"

When passing a JWT in a REST client such as Postman, you must select the Authorization Type as Bearer Token and enter the token value in the Token field, as shown here.

JWT is open source, and you can get a token in many other ways. For example, you can use this Groovy code in your code to get the token from Oracle Fusion Cloud HCM.

def jwt = new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken();