Authenticate

The STAP REST API supports Basic Authentication and OAuth 2.0 access tokens to authenticate client requests.

If using OAuth:

Before you can send requests to REST API services, you must acquire a valid OAuth access token. Then, your clients must pass the token in the header of every request sent to an STAP REST API service.

If you enable OAuth 2.0 authentication in HTTP Gateway, you must ensure that all incoming requests have an access token in the header. If OAuth 2.0 authentication is disabled, no access token is required. For more information, see "Creating a STAP Application in Oracle Identity Cloud Service" in Deployment Guide.

Note:

Authentication and OAuth 2.0 access tokens are required for production systems only. In a test system, you can send requests to the STAP REST API with Basic Authorization, and a basic token in the header.

You use Oracle Access Management to set up authentication for your client requests.