OAuth 2.0

Overview

Oracle Maxymiser uses the OAuth protocol to allow users of 3rd-party applications to securely access resources when using the REST API.

Before you make any API calls, you must authenticate the user on whose behalf the request is made. In order to do this you need to:

  • Obtain client id and client secret (as described in the App Registration article).
  • Retrieve an access token by using the OAuth endpoint and one of the supported OAuth grant flows.
  • Include the access token in the Authorization header.

Obtaining client id and secret

Follow the App Registration guide to obtain these.

Supported OAuth Grant types

Currently, the only supported OAuth grant type is the Resource Owner Password Credentials Grant.

Resource Owner Password Credentials Grant

Authentication request

Authentication (OAuth 2.0) requests use a different endpoint from the REST API. The URI has the following format:

POST api-auth-<env>.maxymiser.com/oauth2/v1/tokens

where <env> is the environment where the REST API is running:
  • us for the US datacenter
  • eu for the European datacenter

Request details

Headers:

  • Content-type: The type of content sent in the request. The body is URL-encoded form data: application/x-www-form-urlencoded;charset=UTF-8
  • Authorization: This request must authenticate using HTTP Basic. Use the app's Client ID and Client secret in the format client_id:client_secret, base64-encoded. e.g. Authorization: Basic eyJ0eXAiOiJKV1QiLCJhbG...zMkpJV3JMQSJ

Parameters:

  • grant_type: Required. The grant type used to obtain the token. Value: password.
  • username: Required. The Oracle Maxymiser username of the resource owner.
  • password: Required. The Oracle Maxymiser password of the resource owner.
e.g.
# <domain> is the token host for your environment, api-auth-<env>.maxymiser.com
curl -i \
  -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
  -H "Authorization: Basic aWRwMjpWY2IxMTE=" \
  --request POST https://<domain>/oauth2/v1/tokens \
  -d 'grant_type=password&username=testuser%40client.com&password=12adfgg345fa'

Response details

Properties:

  • expires_in: the period (in seconds) after which the access token becomes invalid.
  • token_type: Bearer.
  • access_token: the access token to be used in requests to the REST API.
e.g.
{
  "expires_in": 3600,
  "token_type": "Bearer",
  "access_token": "eyJhbGciOiJSUz...jFfb_FkJFoIdA"
}

Note:

Refer to RFC 6749 for details of request errors.

Using the access token

Once you obtain an access token, it should be passed to each API request with an Authorization header as a Bearer token. For example:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImVwajdFM3M1dkJ6bnN2TU1BeVozMkpJV3JMQSJ9.eyJzdWIiOiJyZXNwdXNlcjFAbWF4eW1pc2VyLmNvbSIsImlhdCI6MTQ2OTU0MzI4MiwiaXNzIjoiTWF4eW1pc2VyIiwiZXhwIjoxNDY5NTQ2ODgyfQ.OoaeAg2COqLxiy0TvlxrwUYQ64QoaZMYFpco5iuOZppEAKz7xZpCM9ZLMa0UrZZ5nXa1CzOFn61BKYIa11xtt_5h6JZ7mkIOPCURiZLyUnxOp_R9jILVLZ3GCvu2eO0vqgcQPZTCbANgkwK7ngL1XSfl16l4OHD3cJFvee5lFbo0KbUL7AawjGQ0w-d3KnSTc-jhSjvIC_08BOmoted3BWLCr5f2ZBQW0OGcp0CIFsPOCYIHJZX5RBWkb1PZ9bP6W4DTTacRnLppC1eJWF28ADwkiWlyWy5eglDTZXSzpsyNgWMf8-L_JKHGqoWeUtn-k2VfHf1hg-0UNoXClgnkw
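The token request and the Bearer usage described above, as an added example that is not part of the Oracle Maxymiser documentation or client libraries: it builds the Basic-authenticated form POST for the password grant, parses the JSON response, and hands out the Authorization header only while the token is still valid, refreshing `skew` seconds before expires_in runs out. The TokenCache class, the fetch_token helper and the 60-second skew are this example's own choices, not part of the API.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlencode

# Token endpoint from the page; <env> is "us" or "eu".
TOKEN_URL = "https://api-auth-{env}.maxymiser.com/oauth2/v1/tokens"
def basic_auth_header(client_id, client_secret):
    # HTTP Basic credential: base64 of "client_id:client_secret".
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")

def build_token_request(env, client_id, client_secret, username, password):
    # Build (url, headers, body) for the Resource Owner Password Credentials grant.
    if env not in ("us", "eu"):
        raise ValueError("env must be 'us' or 'eu'")
    headers = {"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
               "Authorization": basic_auth_header(client_id, client_secret)}
    # urlencode percent-encodes reserved characters, e.g. "@" in the username.
    body = urlencode({"grant_type": "password", "username": username, "password": password})
    return TOKEN_URL.format(env=env), headers, body
class TokenCache:
    # Keeps one access token and its absolute expiry; refresh `skew` seconds early (assumed value).
    def __init__(self, skew=60):
        self.skew, self.access_token, self.expires_at = skew, None, 0.0

    def store(self, response_json, now):
        # Parse the token response; the page documents token_type "Bearer" only.
        data = json.loads(response_json)
        if data.get("token_type") != "Bearer":
            raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
        self.access_token = data["access_token"]
        self.expires_at = now + int(data["expires_in"])
        return self.expires_at

    def is_valid(self, now):
        return self.access_token is not None and now < self.expires_at - self.skew

    def bearer_header(self, now):
        # Authorization header for REST calls; never send a stale token, re-authenticate instead.
        if not self.is_valid(now):
            raise RuntimeError("access token missing or about to expire; request a new one")
        return "Bearer " + self.access_token

def fetch_token(cache, env, client_id, client_secret, username, password, timeout=10):
    # Live call (not exercised offline): POST the form body, cache the returned token.
    url, headers, body = build_token_request(env, client_id, client_secret, username, password)
    req = urllib.request.Request(url, data=body.encode("utf-8"), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return cache.store(resp.read().decode("utf-8"), time.time())
```

Keep the client secret and the resource owner's password out of shell history and logs; the built request carries both, one in the Basic header and one in the form body.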