Authorization and Data Security

Services are secured using the J2EE-based security model:
  • Realm-based User Authentication: This verifies users through an underlying Realm. The username and password are passed using HTTP basic authentication.

  • Role-based Authorization: This assigns users to roles; authenticated users can access the services with Sales Audit application roles or custom roles that are assigned to:

    • MERCH_SERVICE_ACCESS_PRIV

  • The communication between the server and client is encrypted using one-way SSL. In non-SSL environments the encoding defaults to BASE-64, which is a reversible encoding and not encryption, so it is highly recommended that these REST services be configured for use in production environments secured with SSL connections.

  • If you are using Merchandising data filtering, that will apply to the services as well. The user ID used for calling the service should be added to the Merchandising SEC_USER table (APP_USER_ID), and then associated to the appropriate group in the SEC_USER_GROUP table. For more information on this, see the Oracle Retail Merchandising Cloud Service Suite Security Guide - Volume 1.
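
The SSL recommendation above can be enforced on the client side. The following is an added example, not Oracle's code: it shows that a basic-authentication header decodes back to the username and password without any key, and a guard that refuses to attach credentials to a non-https URL. The host, path, user name and password are constructed placeholders.

```python
import base64
from urllib.parse import urlsplit
from urllib.request import Request


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value used by HTTP basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_auth(header_value: str) -> tuple[str, str]:
    """Recover the credentials from a header value; no key or secret is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # The user ID cannot contain ':', so split on the first one only.
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed credentials")
    return username, password


def build_request(url: str, username: str, password: str) -> Request:
    """Attach credentials only when the URL uses https, so they never travel in cleartext."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError(f"refusing to send basic-auth credentials over non-SSL URL: {url}")
    req = Request(url)
    req.add_header("Authorization", basic_auth_header(username, password))
    return req


if __name__ == "__main__":
    # Constructed sample values; the host and path are placeholders.
    header = basic_auth_header("svc_user", "example-password")
    print(header)
    print(decode_basic_auth(header))  # same credentials, recovered without a key
    build_request("https://retail.example.com/placeholder/path", "svc_user", "example-password")
    try:
        build_request("http://retail.example.com/placeholder/path", "svc_user", "example-password")
    except ValueError as err:
        print(err)
```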