2 Securing PDC REST Services Manager Communications

You can secure inbound and outbound communications with Oracle Communications Pricing Design Center (PDC) REST Services Manager.

About Securing PDC REST Services Manager Communications

PDC REST Services Manager uses the following security protocols to secure inbound and outbound requests:

  • OAuth 2.0: Authenticates your enterprise product catalog's identity and authorizes it to access the PDC REST Services Manager API by validating an OAuth access token passed in the header of every HTTP/HTTPS request to the PDC REST Services Manager API.

    You can enable OAuth for PDC REST Services Manager using Oracle Identity Cloud Service or Oracle Access Management.

    See either "Requesting an OAuth Access Token from Oracle Identity Cloud Service" or "Requesting an OAuth Access Token from Oracle Access Management" for information about requesting an access token.

  • TLS: Secures communication from your enterprise product catalog to PDC REST Services Manager.
  • T3S: Secures communication from PDC REST Services Manager to PDC.

See "PDC REST Services Manager Security" in BRM Security Guide for information about configuring PDC REST Services Manager security.

Requesting an OAuth Access Token from Oracle Identity Cloud Service

Request an OAuth access token from Oracle Identity Cloud Service to include in requests to the PDC REST Services Manager APIs. For more information, see "Generate Access Token and Other OAuth Runtime Tokens to Access the Resource" in REST API for Oracle Identity Cloud Service.

To request an OAuth access token using cURL, use the following format for your HTTP/HTTPS request to the Oracle Identity Cloud Service URL:

curl -i \
     -H "Authorization: Basic encoded_credentials" \
     -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
     --request POST https://idcs_hostname/oauth2/v1/token \
     -d 'grant_type=client_credentials&scope=https://primaryAudience/scope'

where:

  • encoded_credentials is either the client ID and client secret (clientID:clientSecret) or user name and password (username:password) in Base64-encoded format.
  • idcs_hostname is the host name of your Oracle Identity Cloud Service instance.
  • primaryAudience is the host name and port of your confidential application.
  • scope is one of the following:
    • pubevent: Authorizes access to the Publish Event endpoint.
    • metrics: Authorizes access to the Metrics endpoint.

After you submit the request, Oracle Identity Cloud Service returns an OAuth access token. Your client must pass this OAuth access token in the header of every HTTP/HTTPS request sent to PDC REST Services Manager.

Requesting an OAuth Access Token from Oracle Access Management

You create an access token for OAuth authentication by submitting a request to the Create Access Token Flow endpoint of the Oracle Access Management OAuth REST API. For more information, see "Create Access Token Flow" in REST API for OAuth in Oracle Access Manager.

To request an OAuth access token, use cURL to send an HTTP/HTTPS request to the Oracle Access Management URL:

curl -i --header 'Authorization: Basic encoded_admin' \
     --header "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
     --header "X-OAUTH-IDENTITY-DOMAIN-NAME: identity_domain" \
     --request POST http://oam_host:oam_port/oauth2/rest/token \
     --data-urlencode "grant_type=CLIENT_CREDENTIALS" \
     --data-urlencode "scope=resource_server.scope"

where:

  • encoded_admin is the Oracle Access Management administrator user name and password in Base64-encoded format.
  • identity_domain is the name of the OAuth identity domain created in Oracle Access Management for PDC REST Services Manager.
  • oam_host:oam_port is the host name and port for the Oracle Access Management server.
  • resource_server is the name of the Oracle Access Management resource server created for PDC REST Services Manager.
  • scope is the name of a scope.

The following example cURL request creates an OAuth access token for the PDC_RSM_Domain identity domain, the PDCRSMResourceServer resource server, and the all scope:

curl --location --header 'Authorization: Basic encoded_admin' \
     --header "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
     --header "X-OAUTH-IDENTITY-DOMAIN-NAME: PDC_RSM_Domain" \
     --request POST http://oam_host:oam_port/oauth2/rest/token \
     --data-urlencode "grant_type=CLIENT_CREDENTIALS" \
     --data-urlencode "scope=PDCRSMResourceServer.all"

If the request is successful, Oracle Access Management returns something similar to this:

{
   "access_token":"access_token",
   "token_type":"Bearer",
   "expires_in":3600
}

Your client must pass this OAuth access token in the header of every HTTP/HTTPS request sent to PDC REST Services Manager.
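The following is an added example, not Oracle's code: a client-side helper that builds the token request in the Oracle Identity Cloud Service format shown above and reuses the returned token until shortly before expires_in elapses. It assumes the token response has the fields of the sample response above and that the token is sent as an Authorization: Bearer header; the host names, client ID, client secret, the 60-second refresh margin, and the HTTPS-only check are assumptions of the example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret, scope):
    """Build the POST that the cURL command sends, without sending it."""
    if not token_url.startswith("https://"):
        # Assumption of this example: never send Basic credentials in clear text.
        raise ValueError("token endpoint must use HTTPS")
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
    })


def send_over_network(request):
    """Real transport; urllib verifies the server certificate by default."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read().decode()


class TokenCache:
    """Reuse one access token until shortly before expires_in elapses."""
    def __init__(self, request, send=send_over_network, clock=time.monotonic, skew=60):
        self._request, self._send, self._clock, self._skew = request, send, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = json.loads(self._send(self._request))
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}


if __name__ == "__main__":
    # Constructed values; the canned reply mirrors the sample response on this page.
    req = build_token_request("https://idcs.example.com/oauth2/v1/token",
                              "demo-client", "demo-secret", "https://rsm.example.com:8443/pubevent")
    canned = lambda _r: '{"access_token":"demo-token","token_type":"Bearer","expires_in":3600}'
    print(TokenCache(req, send=canned).bearer_header())
```

Merge the dictionary returned by bearer_header() into the headers of each request to PDC REST Services Manager, and keep the client secret out of source control and logs.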