API Key Authentication

The Rest API uses an API Key for authentication. The steps below must be followed for API requests to be authenticated.

1. Generate an API Key.
2. Add APIKey=<OBFAPIKey> to the eftlink-rest-api.properties file, where <OBFAPIKey> is the obfuscated value of your API Key. See the Obfuscating Text using Jetty section below.
3. Consumers must send two subprotocols in the initial HTTP request: "oracle.eftlink.rest.api.key", which will be the negotiated subprotocol, and "oracle.eftlink.rest.api.key. <Base64URLAPIKey>", where <Base64URLAPIKey> is the base64Url-encoded SHA-384 hash of your API Key.

Linux Command:

echo -n '<API_KEY>' | openssl dgst -sha384 -binary | base64 | tr '+/' '-_' | tr -d '='

PowerShell Command:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('<API_KEY>') | % { [System.Security.Cryptography.SHA384]::Create().ComputeHash($_) }) -replace '\+', '-' -replace '/', '_' -replace '=', ''