OAuth Authentication using IDCS

This topic explains how to use the OAuth 2.0 specification to authenticate with the Oracle Unity APIs.


OAuth 2.0 enables the safe retrieval of secure resources while protecting user credentials. Learn more about the OAuth 2.0 Specifications . OAuth is a flexible and secure protocol that relies on SSL (Secure Sockets Layer) to ensure data between web servers and browsers remain private.

Use cases

  • Design programs to obtain authentication tokens from Oracle Identity Cloud Service (IDCS) and then use these tokens to send requests to Responsys APIs, safely and securely.

Before you Begin

Make sure you have the following information:

  • IDCS OAuth token endpoint :https://<idcs_host>/oauth2/v1/token.
  • Client ID and Client Secret from the IDCS app.
  • Responsys API endpoint : https://<responsys_host>.

For more information, refer toWorking with OAuth 2 to Access the REST API.

Generating an OAuth Token

  1. The user must exist in IDCS and is provided access to the proper Responsys instance (CXMARKETINGAUTO_<RSYSInstanceName>). Access may be granted either directly using the user???s properties or can be inherited from an IDCS group to which the user belongs.
  2. In Responsys, assign the proper Functional Access Control roles, as appropriate for this specific user and Responsys instance. For more information, refer to API user in Responsys.


    The Functional Access Control step is currently not applicable for Responsys Express users.
  3. To obtain the IDCS Client ID and Client Secret:
    1. Log into IDCS as an IDCS administrator.
    2. Click on Oracle Cloud Services.
    3. Select the given Responsys instance. The name will start with CXMARKETINGAUTO_ followed by the instance name.
    4. Click on SSO Configuration and check the Entity ID to ensure the value matches the login URL for the given Responsys instance.
    5. Click on Configuration expand the General Information section to get the Client ID and Client Secret.
    6. Use the Client ID and Client Secret values to generate a Base64 encoding.
    7. The syntax of the final authentication call using curl:
      				-H 'Authorization: Basic <base64of(Client ID:Client Secret)>'
      				-H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'
      				--request POST https://<idcs_host>/oauth2/v1/token 
      				-d 'grant_type=password&scope=<globalRouting_api_endpoint>/API&username=<IDCS_user_name>&password=<password>'	

      Replace the text in brackets ( <> ) with the appropriate values.


      Please use the Base64 encodedvalues for Client ID and Client Secret.
      • grant_type=password
      • username=<IDCS_user_name>
      • password=<password>
      • scope= Account specific websevices global routing URL for the given Responsys instance.