Authenticate with a bearer access token

This topic describes how to set up a bearer access token using OAuth2.

Note:

As a prerequisite to requesting a bearer access token:
  1. You must create an identity domain for IDCS authentication that the system uses to grant bearer access tokens. For more information, see the Creating an Identity Domain topic in the Oracle Cloud Infrastructure Documentation on Oracle Help Center.
  2. Once you create the identity domain, you must create a client app inside the identity domain. For more information, see the Adding Applications topic in the Oracle Cloud Infrastructure Documentation on Oracle Help Center.
  3. You must configure the client app to consume OAuth2 scopes. For more information, see the Configuring OAuth topic in the Oracle Cloud Infrastructure Documentation on Oracle Help Center.

    Additionally, perform the following steps:

    1. Specify the scopes for your authorization token.

      The following scopes are supported:

      • system/Binary.Read
      • system/DocumentReference.Read
      • system/Patient.Read
    2. Specify the audience as Payer.

    3. Specify the grant type as client_credentials.

Oracle Health Clinical Data Exchange is integrated with IDCS. REST API users can authenticate and authorize by providing an IDCS access token within an HTTP header. The IDCS access token needs to be passed as a bearer token in the Authorization header. You can generate an access token using the REST API token generation endpoint (POST https://<domain_name>/oauth2/v1/token?grant_type=client_credentials).

For example, to authenticate using cURL:

  1. Provide the server and endpoint:

    curl -X POST -s "https://<domain_name>/oauth2/v1/token?grant_type=client_credentials"

    Where <domain_name> is the fully qualified domain name for the host server for Oracle Health Clinical Data Exchange.

  2. Pass the request and authorization headers using the -H cURL option:

    -H "Content-Type: application/x-www-form-urlencoded"
    -H "Authorization: Basic <base_64_encoded_client_id>:<client_secret>"

    Where:

    • <base_64_encoded_client_id> is the client ID.
    • <client_secret> is the client secret.

    Note:

    You can locate these values on the Application Details page in the OCI Console.
  3. Pass the request body using the -d cURL option:

    -d "grant_type=client_credentials&scope=__myscopes__"

    Note:

    client_credentials is the only supported value for grant_type.

The following is an example of the complete cURL command:

curl -X POST -s "https://<domain_name>/oauth2/v1/token?grant_type=client_credentials" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -H "Authorization: Basic <base_64_encoded_client_id>:<client_secret>" \
      -d "grant_type=client_credentials&scope=__myscopes__"

200 Response:

{
  "access_token":"<access_token_string>",
  "token_type":"bearer",
  "expires_in":<integer>
}

Where:

  • <access_token_string> is the access token, in alphanumeric format.
  • <integer> is the value of when the token expires, in numeric format.
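
The following shell script is an added example, not part of the original documentation. It wraps the token request described above in functions and reads the access token out of the 200 response. The function names and the OHCDE_* environment variables are hypothetical. It assumes curl 7.55.0 or later (for -H @-) and builds the Basic credential as HTTP Basic authentication (RFC 7617) defines it: the Base64 encoding of the string client_id:client_secret.

```shell
# Added example; function names and OHCDE_* variables are assumptions.

# HTTP Basic credential (RFC 7617): Base64 of "client_id:client_secret".
# tr removes the line wrapping some base64 tools apply to long output.
basic_credential() {
  printf '%s' "$1:$2" | base64 | tr -d '\n'
}

# Extract access_token from the JSON token response. Minimal sed extractor:
# assumes the key and its value are on one line, as in the 200 response above.
# Prints nothing when the response carries no access_token (an error body).
token_from_response() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Request a token with the client_credentials grant.
# The Authorization header reaches curl on stdin (-H @-), so the client
# secret is not exposed in the process argument list.
# Usage: request_token <domain_name> <client_id> <client_secret> <scope>
request_token() {
  printf 'Authorization: Basic %s\n' "$(basic_credential "$2" "$3")" |
    curl -sS --fail -X POST \
      "https://$1/oauth2/v1/token?grant_type=client_credentials" \
      -H @- \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data-urlencode "grant_type=client_credentials" \
      --data-urlencode "scope=$4"
}

# Runs only when the (assumed) environment variables are set.
if [ -n "${OHCDE_DOMAIN:-}" ]; then
  response=$(request_token "$OHCDE_DOMAIN" "$OHCDE_CLIENT_ID" \
    "$OHCDE_CLIENT_SECRET" "system/Patient.Read") || exit 1
  token=$(token_from_response "$response")
  [ -n "$token" ] || { echo "no access_token in response" >&2; exit 1; }
  # The token itself is not printed, to keep it out of terminals and logs.
  echo "token acquired; send it as 'Authorization: Bearer <token>'"
fi
```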