Security

The Empirica Topics REST API supports two authentication methods, Basic and oAUTH 2.0. For cloud installations, the service is configured for use with oAUTH only using IDCS as the token provider.

Basic Authentication

The WebLogic administrator must create a user for exclusive use by your application and the Oracle Empirica Topics web service as described in the Empirica Installation and Upgrade Instructions.

The Oracle Empirica Topics web service username and password credentials are provisioned on the Oracle Empirica Topics WebLogic server. Your application then sets this username and password, along with the standard WS-SECURITY Username Token Policy, as part of every web service call. The Oracle Empirica Topics server validates access to the Topics web service using these credentials. The Oracle Empirica Topics server can return an exception if the web service credentials are not correct or the Username Token Policy has not been set. The Oracle Empirica Topics web service will then not be available to your application.

oAUTH 2.0 Authentication

The Oracle Empirica Signal TopicsService application must be configured to specify the oAUTH authentication provider ,as described in the Empirica Installation and Upgrade Instructions, with the necessary URLS. Your application generates an oAUTH token from the token provider. The ClientID and ClientSecret for the token provider must be known to your application. Your application calls Empirica Topics API endpoints using the generated token. The token is then validated by the Empirica Topics Server. The Oracle Empirica Topics server returns an exception if the token is not a valid one.