Authorization and Data Security

Services are secured using a J2EE-based security model.
  • Authentication

    • Realm-based User Authentication: This verifies users through an underlying Realm. The username and password are passed using HTTP basic authentication.

    • OAuth 2.0 based authentication: This verifies the client system based on an OAuth 2.0 bearer token obtained from IDCS or OCI IAM using OAuth client credentials.

  • Authorization

    • Role-based Authorization: This assigns users to roles; authenticated users can access the services with Invoice Matching application roles or custom roles that are assigned to:

      • REIM_APPLICATION_ADMINISTRATOR_JOB

      • FINANCIAL_MANAGER_JOB

      • BUYER_JOB

    • OAuth 2.0 scope-based authorization: The access token must be obtained for the system scope of the environment, for example rgbu:merch:mfcs-stg01. This scope changes per environment.

  • The communication between the server and client is encrypted using one-way SSL. In non-SSL environments the credentials are only Base64-encoded on the wire, so it is highly recommended that these REST services are used in production environments only over SSL-secured connections.

  • If you are using Merchandising data filtering, that filtering applies to the services as well. The user ID used for calling the service should be added to the Merchandising SEC_USER table (APP_USER_ID), and then associated with the appropriate group in the SEC_USER_GROUP table. For more information on this see the Oracle Retail Merchandising Cloud Service Suite Security Guide - Volume 1.
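The OAuth 2.0 client-credentials flow and SSL requirement described above, as an added client-side example (not Oracle's code): the client obtains a bearer token for the environment's system scope, checks the granted scope, and calls the service only over HTTPS. The token endpoint, service URL and client credentials are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed placeholders (assumptions): your IDCS/OCI IAM token endpoint,
# the Invoice Matching service URL and the environment's system scope.
TOKEN_URL = "https://<idcs-tenant>.identity.oraclecloud.com/oauth2/v1/token"
SERVICE_URL = "https://<reim-host>/<service-path>"
SYSTEM_SCOPE = "rgbu:merch:mfcs-stg01"   # changes per environment

def require_https(url):
    """Refuse non-SSL URLs: basic credentials and bearer tokens are only Base64/plain text without SSL."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-SSL endpoint: " + url)
    return url

def client_credentials_request(token_url, client_id, client_secret, scope):
    """Token request: client id/secret via HTTP basic auth, with
    grant_type=client_credentials and the system scope in the form body."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "scope": scope}).encode()
    return urllib.request.Request(
        require_https(token_url), data=body, method="POST",
        headers={"Authorization": "Basic " + creds,
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, required_scope):
    """Extract the bearer token; reject one not granted the required scope."""
    resp = json.loads(raw)
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("expected a bearer token")
    granted = resp.get("scope", required_scope).split()  # absent = as requested (RFC 6749)
    if required_scope not in granted:
        raise ValueError(f"token lacks scope {required_scope}: {granted}")
    return resp["access_token"]

def service_request(service_url, token):
    """Service call carrying the bearer token, SSL only."""
    return urllib.request.Request(
        require_https(service_url),
        headers={"Authorization": "Bearer " + token, "Accept": "application/json"})

def call_service(client_id, client_secret):
    req = client_credentials_request(TOKEN_URL, client_id, client_secret, SYSTEM_SCOPE)
    with urllib.request.urlopen(req) as r:   # urlopen verifies the server certificate
        token = parse_token_response(r.read(), SYSTEM_SCOPE)
    with urllib.request.urlopen(service_request(SERVICE_URL, token)) as r:
        return json.loads(r.read())
```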