Manage Access Using OAuth
Buying Experience uses the OAuth 2.0 protocol to authenticate external applications and authorize users to access the REST APIs. OAuth token-based authentication helps prevent unauthorized access to application resources. OAuth role-based authorization helps protect the data that users view and manage.
External applications use the confidential application created in Oracle Identity Cloud Service, referred to as the trusted client, to access the Buying REST APIs. You can use the CX Industries Framework Gateway and the CX Industries Framework's trusted client to access these APIs. Every request to the REST APIs must include an OAuth access token. You can generate these tokens by using the client ID, client secret, and scope of the CX Industries Framework's trusted client in Oracle Identity Cloud Service.
You can pass the access token in the header of the HTTP request. The token is converted into an authentication header, and the sign-in URL is called to pass that header to the authentication service. After authentication, you can access the REST APIs.
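The token flow described above, as an added example that is not Oracle's own code. It assumes the OAuth 2.0 client credentials grant, the Oracle Identity Cloud Service token path /oauth2/v1/token, and a Bearer authorization header; the host name, client ID, client secret, and scope are placeholders supplied by the caller, and TokenSource is a hypothetical helper name.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"  # Oracle Identity Cloud Service token endpoint

def build_token_request(idcs_base, client_id, client_secret, scope):
    """Build the token request for the trusted client (client credentials grant assumed)."""
    if not idcs_base.startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-HTTPS URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(idcs_base.rstrip("/") + TOKEN_PATH,
                                  data=body, headers=headers, method="POST")

def _send(req):
    # Default transport: certificate validation stays on (urllib default).
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSource:
    """Caches the access token and renews it shortly before it expires."""
    def __init__(self, idcs_base, client_id, client_secret, scope,
                 send=_send, clock=time.time):
        self._args = (idcs_base, client_id, client_secret, scope)
        self._send, self._clock = send, clock
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keep the client secret out of logs and tracebacks
        return f"TokenSource(client_id={self._args[1]!r}, scope={self._args[3]!r})"

    def bearer_header(self, skew=30):
        """Return the header to attach to each REST API request."""
        if self._token is None or self._clock() >= self._expires_at - skew:
            reply = self._send(build_token_request(*self._args))
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return {"Authorization": f"Bearer {self._token}"}
```

Load the client secret from a secrets manager or environment variable at run time rather than from source code, and merge the returned header into each request sent to the REST APIs.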