Oracle Machine Learning Services REST APIs use tokens to authenticate an Oracle Machine Learning Services user.
You access the Oracle Machine Learning REST resources over HTTP and must provide the following information for authentication:
- Username and password for your Oracle Machine Learning Services account.
- An access token.
To access Oracle Machine Learning Services using the REST API, you must provide an access token. To authenticate and obtain an access token, use cURL with the -d option to pass the user name and password for your Oracle Machine Learning Services account against the Oracle Machine Learning User Management Cloud Service REST endpoint /oauth2/v1/token.
The access token has a life span of one hour and can be refreshed before it expires.
-
A token can be refreshed up to 8 hours.
-
A token can be revoked, and a revoked token cannot be refreshed.
-
Each token can be used many times.
-
The token is tied to the user who authenticates using the database credential.
Note:
In case of any issues with the tokenization system, contact Oracle Customer Support.
Authorize User
To authorize a user, you must first exchange credentials for a bearer token.
- Connect to the OML service by providing the following credentials:
export omlservice=https://<oml-cloud-service-location-url>.oraclecloudapps.com
export username=USERNAME
export password=PASSWORD
Here,
-
oml-cloud-service-location-url is a URL containing the REST server portion of the Oracle Machine Learning User Management Cloud Service instance URL that includes the tenancy ID and database name. You can obtain the URL from the Development tab in the Service Console of your Oracle Autonomous Database instance.
-
USERNAME is the OML user name
-
PASSWORD is the OML user password
- Run the following cURL command to generate the access token:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json'
-d '{"grant_type":"password", "username":"'${username}'", "password":"'${password}'"}'
"<oml-cloud-service-location-url>/omlusers/api/oauth2/v1/token"
The access token is generated and displayed:
{"accessToken":"eyJhbGci....6zIw==","expiresIn":3600,"tokenType":"Bearer"}
- Export and save the token to a variable so it can be passed to subsequent requests. Use the command
export token= to export and save the token:export token='eyJhbGci....6zIw=='
Note:
You must wrap the token in single quotation mark while exporting it.
Refresh Token
- To refresh a token, run the following cURL command:
curl -i -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header "Authorization: Bearer ${token}"
-d '{"grant_type":"refresh_token", "refresh_token":"'${token}'"}'
"<oml-cloud-service-location-url>/omlusers/api/oauth2/v1/token"
Note:
You can refresh a token up to eight times.
The command returns the following information once the token is successfully refreshed:
HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Date: Mon, 09 Nov 2021 22:18:41 GMT
Content-Type: application/json
Content-Length: 1106
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
{"accessToken":"eyJhbGci.....w==","expiresIn":3600}
Revoke Token
- To revoke a token, run the following cURL command:
curl -i -X POST --header 'Content-Type: application/json' --header 'Accept: application/json'
--header "Authorization: Bearer ${token}" "<oml-cloud-service-location-url>/omlusers/api/oauth2/v1/token/revoke"
The command returns the following information once the token is successfully revoked:
HTTP/1.1 200 OK
Date: Mon, 09 Nov 2021 22:20:20 GMT
Content-Type: application/json
Content-Length: 15
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
{"status":"ok"}