Authentication/Authorization for accessing Cruise REST API

3 Authentication/Authorization for accessing Cruise REST API

The Oracle Hospitality Cruise Property Management REST API’s accepts an OAuth2 token for authentication. Currently, we are only supporting client Credential flow.

To call REST API, a token is needed via below.

Obtaining a Token

Obtain the token as a POST request using the URL:

https://<hostname>/<contextpath>/access/token

Provide a basic authentication header. The header is a base64-encoded combination of your clientID and clientSecret. For example, if your clientID is clientid and your clientSecret is client-secret, the HTTP header appears as follows:

Pass the parameters described in the following table in x-www-from-url encoded format:

Table 3-1 Parameter

Parameter	Value	Description
grant_type	Password	Indicates the type of OAUTH grant required
Username	<username>	Your user name for the service
Password	<password>	Your password for the service

The response is a JSON Web Token (JWT) that contains the information described in the following table:

Table 3-2 Token Fields

Field	Description
access_token	Enables access to the SPMS Platform
expires_in	Number of seconds the token is valid
token_type	Bearer
refresh_token	Enable access to SPMS Platform
Scope	Scope of token

Using the Access Token

After you obtain the access token, use the token to access the SPMS Platform at the following URL:

https://<host><port>/contextpath/<serviceURL>/

Supply a Bearer Authentication header with the access token in the following format:

Content-Type: application/json
Authorization: Bearer <access token>

The access token is valid until it expires. You can determine when the token expires based on the expires_in value returned when you obtain the access token.