43.1 Authentication
REST clients must authenticate before accessing the administrative REST services. First, an Oracle Application Express instance administrator must log into the Oracle Application Express application and register a REST client.
When a client has been registered in Instance Administration, the dialog shows the Client ID and Client Secret, with which the client can then perform authentication following the OAuth2 Client Credentials flow. A client first connects with a Client ID and a Client Secret as the credentials. Upon successful authentication, the server sends back the OAuth Access Token. Using this access token, the client can then access the administrative REST services.
HTTP Request Syntax Parameter
Table 43-1 HTTP Request Syntax
Parameter | Description |
---|---|
HTTP Method | |
URL | |
Request Body | |
HTTP Request Headers | |
Returns
Returns a JSON object with the following structure upon successful authentication:
{
  "access_token": OAuth access token for subsequent requests,
  "token_type": "bearer",
  "expires_in": lifetime of the OAuth token, in seconds; typically "3600"
}
If authentication is unsuccessful, the server responds with HTTP-401:Unauthorized.
Examples
In the following examples, ClientId stands for the Client ID and ClientSecret for the Client Secret.
Example 1
The example displays the following output when you execute the command line utility curl:
$ curl -i \
    --user ClientId:ClientSecret \
    --data "grant_type=client_credentials" \
    http://application-express-host:port/ords/apex_instance_admin_user/oauth/token
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked

{"access_token":"LfXJilIBdzj5JPRn4xb5QQ..","token_type":"bearer","expires_in":3600}
Use a JSON parser to extract the value of the access_token attribute and use it in subsequent requests.
Example 2
The example displays the following output when you use the APEX_WEB_SERVICE package in another Application Express instance:
begin
    -- Authenticate with the Client Credentials flow; the token is kept for the session.
    apex_web_service.oauth_authenticate(
        p_token_url     => 'http://application-express-host:port/ords/apex_instance_admin_user/oauth/token',
        p_client_id     => 'ClientId',
        p_client_secret => 'ClientSecret'
    );
    -- Print the access token returned by the last successful authentication.
    dbms_output.put_line( 'The token is: ' || apex_web_service.oauth_get_last_token );
end;
/
The token is: LfXJilIBdzj5JPRn4xb5QQ..
With the acquired OAuth Access Token, the administrative REST Services can be called.
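The exchange from Example 1 as a small Python client; this is an added example, not part of the Oracle documentation. The function names, the 30-second expiry margin and the refusal of non-HTTPS token URLs are assumptions of this sketch (Basic authentication only base64-encodes the Client Secret), and the `Authorization: Bearer` header is the standard OAuth2 bearer usage rather than something this page spells out.

```python
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Response body as shown in Example 1 on this page (the token is truncated there).
SAMPLE_BODY = '{"access_token":"LfXJilIBdzj5JPRn4xb5QQ..","token_type":"bearer","expires_in":3600}'

def build_token_request(token_url, client_id, client_secret):
    """Build the same POST that the curl call sends (hypothetical helper)."""
    # Assumption: refuse cleartext transport, because the Basic header is only encoded.
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token URL must use https")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        token_url,
        data=b"grant_type=client_credentials",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def parse_token_response(body, now=None, margin=30):
    """Return (access_token, expiry_epoch); reject a body that is not a bearer token."""
    doc = json.loads(body)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # int() accepts expires_in as a number or a string; expire early by `margin` seconds.
    return token, now + int(doc["expires_in"]) - margin

def fetch_token(token_url, client_id, client_secret):
    """Request a token; HTTP 401 means the Client ID or Client Secret was rejected."""
    req = build_token_request(token_url, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise PermissionError("client credentials rejected (HTTP 401)") from None
        raise

def bearer_header(token):
    """Header to attach to subsequent administrative REST requests."""
    return {"Authorization": "Bearer " + token}
```

Caching the returned expiry and calling `fetch_token` again only once it has passed avoids sending the Client Secret on every request.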