Create an API Client Account for Integration

Application integration accounts (API clients) are added and edited in Intelligent Advisor Hub by the Permissions administrator. There are different types of API clients that can be added, depending on how the Hub manages identity:

  • An API client for a Hub that doesn't use an OCI IAM identity domain. These client accounts cannot be used to log in to Intelligent Advisor Hub or Oracle Policy Modeling.

  • A locally managed API client for a Hub that uses an OCI IAM identity domain. This type of API client is managed solely in Intelligent Advisor Hub. When an Intelligent Advisor site is switched to using an OCI IAM identity domain, locally managed API clients continue to be able to call Hub API and Determination Server services using their Hub credentials.

  • An identity-domain managed API client for a Hub that uses an OCI IAM identity domain. This type of API client is managed in the identity domain in Oracle Cloud Console but is listed in the Hub for permissions management.

Note that for self-managed Intelligent Advisor customers, if external authentication is enabled, only API clients can access web service APIs. For more information, see Overview of Restricting Access to Intelligent Advisor Web Services.

Add a new API client (for Hubs using local identity management)

To add a new API client:

  1. In Intelligent Advisor Hub, navigate to the Permissions Page.
  2. Select the API clients tab.
  3. Click Create. This will display the New API client page.
  4. In the API CLIENT SETTINGS section, specify:
    • a client identifier
    • (Optional) a new client secret (an auto-generated client secret for the user is displayed in the Client secret field)
  5. In the ROLES section, select roles for the API client:
    • Viewer - clients with this role can view and download projects via the Intelligent Advisor Hub REST API
    • Author - clients with this role can modify, view and download projects via the Intelligent Advisor Hub REST API
    • Permissions administrator - clients with this role can perform permissions-related administrative tasks
    • Connections administrator - clients with this role can perform connections-related administrative tasks
    • Manager - clients with this role can manage deployments via the Intelligent Advisor Hub REST API and via the command-line admin tool
    • Assessment APIs - clients with this role can use the Determinations API to assess cases one at a time or in batches. Note that this role is also required to access (a) OpenAPI services, and (b) the legacy Determinations API interview service.
    • Interview APIs - clients with this role can use the Flow Engine API and Chat API to provide interview experiences

    The New API Client page on the Permissions tab on Intelligent Advisor Hub.

  6. Click Apply to add the new API client. The newly added client now appears on the API clients tab.

Add a new local API client (for Hubs using an OCI IAM identity domain)

In a Hub that is using an OCI IAM identity domain for identity management, you can add an API client that is managed solely in Intelligent Advisor Hub. To do this:

  1. In Intelligent Advisor Hub, navigate to the Permissions Page.
  2. Select the API Clients tab.
  3. Click Create Local client. This will display the New API client page.
  4. In the API CLIENT SETTINGS section, specify:
    • a client identifier
    • (Optional) a new client secret (an auto-generated client secret for the user is displayed in the Client secret field)
  5. In the ROLES section, select roles for the API client:
    • Viewer - clients with this role can view and download projects via the Intelligent Advisor Hub REST API
    • Author - clients with this role can modify, view and download projects via the Intelligent Advisor Hub REST API
    • Permissions administrator - clients with this role can perform permissions-related administrative tasks via the Intelligent Advisor Hub REST API
    • Connections administrator - clients with this role can perform connections-related administrative tasks via the Intelligent Advisor Hub REST API
    • Manager - clients with this role can manage deployments via the Intelligent Advisor Hub REST API and via the command-line admin tool.
    • Assessment APIs - clients with this role can use the Determinations API to assess cases one at a time or in batches. Note that this role is also required to access (a) OpenAPI services, and (b) the legacy Determinations API interview service.
    • Interview APIs - clients with this role can use the Flow Engine API and Chat API to provide interview experiences
  6. Click Apply to add the new local API client. The newly added client now appears on the API clients tab.

Add a new identity domain-managed API client (for Hubs using an OCI IAM identity domain)

In a Hub that is using an OCI IAM identity domain for identity management, you can add an API client that is managed in OCI IAM service but listed in the Hub for permissions management. To do this:

  1. In Intelligent Advisor Hub, navigate to the Permissions Page.
  2. Select the API Clients tab.
  3. Click Create OCI IAM client. This will display the New API Cclient page.
  4. In the API CLIENT SETTINGS section, specify a client identifier.
  5. In the ROLES section, select roles for the API client:
    • Viewer - clients with this role can view and download projects via the Intelligent Advisor Hub REST API
    • Author - clients with this role can modify, view and download projects via the Intelligent Advisor Hub REST API
    • Permissions administrator - clients with this role can perform permissions-related administrative tasks
    • Connections administrator - clients with this role can perform connections-related administrative tasks
    • Manager - clients with this role can manage deployments via the Intelligent Advisor Hub REST API and via the command-line admin tool.
    • Assessment APIs - clients with this role can use the Determinations API to assess cases one at a time or in batches. Note that this role is also required to access (a) OpenAPI services, and (b) the legacy Determinations API interview service.
    • Interview APIs - clients with this role can use the Flow Engine API and Chat API to provide interview experiences
  6. Click Apply to add the new identity-domain managed API client. The newly added client now appears on the API clients tab.

Update an API client's details

To update API client details, such as secret and roles, in Intelligent Advisor Hub:

  1. In Intelligent Advisor Hub, navigate to the Permissions Page.
  2. Select the API Clients tab.
  3. Click the API client name.
  4. (Optional) Click Change client secret to generate a new client secret. You can manually specify a client secret of your choice. Note that you cannot change the client secret for identity-domain managed API clients as these are managed in OCI IAM service.
  5. (Optional) Change the roles as required.
  6. Click Apply.

Note: Users will need to log off and log on again for any new permissions to take effect.

Delete an API client

To delete an existing API client in Intelligent Advisor Hub:

  1. In Intelligent Advisor Hub, navigate to the Permissions Page.
  2. Select the API Clients tab.
  3. Click the API client name.
  4. In the Actions menu, select Delete API client. A warning is displayed stating that the user will be permanently deleted.
  5. Click Delete. The client is removed from the list of API clients on the Permissions page. When you delete an identity-domain managed API client in the Hub, it cannot be used to access any Intelligent Advisor services. Note that history logs, such as the deployment history, will continue to show the client identifier, even if that client no longer exists.

Note: It is not possible for a Permissions administrator to delete themselves.

Related Topics