Authentication
Overview
Oracle Maxymiser uses the OAuth protocol to allow users of 3rd-party applications to securely access resources when using the Customer Data API.
Before you make any API calls, you must authenticate the user on whose behalf the request is made. In order to do this you need to:
- Obtain a client ID and client secret (as described in the App Registration article).
- Retrieve an access token by using the OAuth endpoint and one of the supported OAuth grant flows.
- Include the access token in the Authorization header.
Obtaining client id and secret
Follow the App Registration guide to obtain these.
Supported OAuth 2.0 Grant types
Currently, the only supported OAuth grant type is the Resource Owner Password Credentials Grant.
Resource Owner Password Credentials Grant
Authentication request:
The Authentication (OAuth 2.0) requests use a different endpoint. The URI has the following format:
POST api-auth-<env>.maxymiser.com/oauth2/v1/tokens
where <env> is the environment in which the API is running: use us for the US datacenter and eu for the European datacenter.
Request details:
Headers:
- Content-type: The type of content that is sent in the request. The body is URL-encoded form data: application/x-www-form-urlencoded;charset=UTF-8
- Authorization: This request must authenticate using HTTP Basic. Use the app's client ID and client secret in the format client_id:client_secret, encoded with Base64, e.g.
Authorization: Basic eyJ0eXAiOiJKV1QiLCJhbG...zMkpJV3JMQSJ
Parameters:
- grant_type: Required. The grant type used to obtain the token. Value: password.
- username: Required. The Oracle Maxymiser username of the resource owner. The user should have Data Importer permission.
- password: Required. The Oracle Maxymiser password of the resource owner.
curl -i \
  -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
  -H "Authorization: Basic aWRwMjpWY2IxMTE=" \
  --request POST https://<domain>/oauth2/v1/tokens \
  -d 'grant_type=password&username=testuser%40client.com&password=12adfgg345fa'
Response details:
Properties:
- expires_in: the period (in seconds) after which the access token becomes invalid.
- token_type: Bearer.
- access_token: the access token to be used in requests to the Customer Data API.
{
"expires_in":3600,
"token_type":"Bearer",
"access_token":"eyJhbGciOiJSUz...jFfb_FkJFoIdA"
}
Note: Refer to RFC 6749 for details of request errors.
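The three steps from the overview, as an added Python example (not Oracle's code): it builds the token request described above without sending it, then turns a token response into the Authorization header for Customer Data API calls plus a refresh deadline. The function names, the https scheme, the 60-second refresh margin and the sample response are assumptions made for this example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def token_url(env):
    # The page names two environments; the https scheme is an assumption.
    if env not in ("us", "eu"):
        raise ValueError("env must be 'us' or 'eu'")
    return f"https://api-auth-{env}.maxymiser.com/oauth2/v1/tokens"


def basic_auth_header(client_id, client_secret):
    # HTTP Basic: base64("client_id:client_secret")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(env, client_id, client_secret, username, password):
    # urlencode percent-encodes reserved characters such as '@' in the username.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        "Authorization": basic_auth_header(client_id, client_secret),
    }
    return urllib.request.Request(token_url(env), data=body, headers=headers, method="POST")


def parse_token_response(raw_json, now=None, skew=60):
    # Returns the header for Customer Data API calls and a refresh deadline.
    doc = json.loads(raw_json)
    if "error" in doc:  # RFC 6749 section 5.2 error response
        raise ValueError(f"token request rejected: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return {
        "Authorization": "Bearer " + doc["access_token"],
        "refresh_at": now + int(doc["expires_in"]) - skew,  # renew before expiry
    }


# Constructed sample response; the token value is a placeholder.
SAMPLE = '{"expires_in":3600,"token_type":"Bearer","access_token":"EXAMPLE_TOKEN"}'
```

To send the request, pass the object returned by build_token_request to urllib.request.urlopen and give the response body to parse_token_response. Load the client secret and the user's password from a secret store or the environment rather than from source code.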