Authentication

Overview

Oracle Maxymiser uses OAuth 2.0 to let third-party applications access a user's resources securely through the Customer Data API.

Before you make any API calls, you must authenticate the user on whose behalf the request is made. To do this you need to:

  • Obtain a client ID and client secret (as described in the App Registration article).
  • Retrieve an access token from the OAuth endpoint using one of the supported OAuth grant flows.
  • Include the access token in the Authorization header of every Customer Data API request.

Obtaining client ID and client secret

Follow the App Registration guide to obtain these. The client secret identifies your application to the token endpoint; keep it out of source control, client-side code and logs, and rotate it if it is ever exposed.

Supported OAuth 2.0 Grant types

Currently, the only supported OAuth grant type is the Resource Owner Password Credentials Grant. This grant hands the resource owner's username and password directly to the application, so use it only in applications you control, and give the account used the minimum permission the integration needs.

Resource Owner Password Credentials Grant

Authentication request:

Authentication (OAuth 2.0) requests use a separate endpoint from the Customer Data API itself. The URI has the following format:
POST https://api-auth-<env>.maxymiser.com/oauth2/v1/tokens
where <env> is the environment in which the API is running: use us for the US datacenter and eu for the European datacenter. Always use HTTPS; the request carries both the client secret and the user's password.

Request details:

Headers:

  • Content-Type: The type of content sent in the request. The body is form-encoded: application/x-www-form-urlencoded;charset=UTF-8
  • Authorization: This request must authenticate using HTTP Basic. Use the app's client ID and client secret in the format client_id:client_secret, encoded with base64, e.g. Authorization: Basic aWRwMjpWY2IxMTE= (the value used in the curl example below, which decodes to idp2:Vcb111). Note that this is the client's credential, not an access token; the access token only appears in calls to the Customer Data API itself.

Parameters:

  • grant_type: Required. The grant type used to obtain the token. Value: password.
  • username: Required. The Oracle Maxymiser username of the resource owner. The user must have the Data Importer permission.
  • password: Required. The Oracle Maxymiser password of the resource owner.
All three parameters are sent form-encoded in the request body, so reserved characters must be percent-encoded (the @ in the username below becomes %40).
e.g.
curl -i \
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
-H "Authorization: Basic aWRwMjpWY2IxMTE=" \
--request POST https://api-auth-<env>.maxymiser.com/oauth2/v1/tokens \
-d 'grant_type=password&username=testuser%40client.com&password=12adfgg345fa'

Response details:

Properties:

  • expires_in: the number of seconds for which the access token remains valid. Request a new token before this period elapses; the documented response carries no refresh token, so renewal is another password-grant request.
  • token_type: Bearer.
  • access_token: the access token to be used in requests to the Customer Data API, sent as Authorization: Bearer <access_token>.
e.g.
{
  "expires_in":3600,
  "token_type":"Bearer",
  "access_token":"eyJhbGciOiJSUz...jFfb_FkJFoIdA"
}
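The request and response above, as a complete client in Python. This is an added example, not Oracle Maxymiser's own code: it builds the token request exactly as documented (HTTP Basic client credentials, form-encoded grant_type, username and password), parses the documented JSON response, handles RFC 6749 section 5.2 error bodies, and tracks expiry so the token is renewed before expires_in elapses. The client ID/secret, username and password are the placeholders from the curl example (the Basic header there decodes to idp2:Vcb111); the network call is isolated in request_token() so everything else can be exercised offline.

```python
"""Acquire and use a Customer Data API access token via the password grant.

Added example, not Oracle's code. Placeholder credentials are the ones from
the page's curl example and must be replaced with real values.
"""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/tokens"
REFRESH_MARGIN = 60  # seconds before expiry at which a new token is fetched


class TokenError(Exception):
    """Raised when the token endpoint rejects the request."""


def token_url(env):
    # Only the two documented datacenters exist; refuse anything else rather
    # than posting credentials to an unexpected host.
    if env not in ("us", "eu"):
        raise ValueError("env must be 'us' or 'eu'")
    return f"https://api-auth-{env}.maxymiser.com{TOKEN_PATH}"


def basic_auth_header(client_id, client_secret):
    # HTTP Basic: base64("client_id:client_secret"), as the Authorization header requires.
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(env, client_id, client_secret, username, password):
    """Return (url, headers, body) for the Resource Owner Password Credentials grant."""
    headers = {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        "Authorization": basic_auth_header(client_id, client_secret),
    }
    # urlencode form-encodes the values, so '@' in the username becomes %40.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    )
    return token_url(env), headers, body


def parse_token_response(status, body, now=None):
    """Return (access_token, expires_at) or raise TokenError.

    Error bodies follow RFC 6749 section 5.2: {"error": ..., "error_description": ...}.
    """
    now = time.time() if now is None else now
    try:
        data = json.loads(body)
    except ValueError:
        raise TokenError(f"HTTP {status}: non-JSON response body") from None
    if status != 200 or "error" in data:
        code = data.get("error", "unknown_error")
        desc = data.get("error_description", "")
        raise TokenError(f"HTTP {status}: {code}" + (f": {desc}" if desc else ""))
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenError(f"unexpected token_type {data.get('token_type')!r}")
    # Subtract a margin so a token is never presented in its last seconds of life.
    expires_at = now + int(data["expires_in"]) - REFRESH_MARGIN
    return data["access_token"], expires_at


def bearer_header(access_token):
    """Header to attach to every Customer Data API request."""
    return {"Authorization": f"Bearer {access_token}"}


def needs_refresh(expires_at, now=None):
    now = time.time() if now is None else now
    return now >= expires_at


def request_token(env, client_id, client_secret, username, password):
    """Perform the POST (network); returns (access_token, expires_at)."""
    url, headers, body = build_token_request(env, client_id, client_secret, username, password)
    req = urllib.request.Request(url, data=body.encode("utf-8"), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        # 400/401 responses carry the JSON error body; surface it, not a bare HTTPError.
        return parse_token_response(e.code, e.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    url, headers, body = build_token_request(
        "us", "idp2", "Vcb111", "testuser@client.com", "12adfgg345fa"
    )
    print(url)
    print(headers["Authorization"])
    print(body)
```

The password and client secret reach the endpoint only inside the request body and the Basic header; never log either, and never include them in URL query strings, which end up in proxy and server logs.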
            

Note:

Error responses follow RFC 6749 section 5.2: a JSON body with an error field (and optionally error_description), returned with HTTP 400 for most failures and HTTP 401 (invalid_client) when the client ID and secret in the Basic header are rejected. Refer to RFC 6749 for the full list of error codes.