10 Invoking POM Services Using OAuth

This chapter details the steps to invoke POM ReST services using the OAuth protocol. Using the OAuth protocol is a two-step process:

  • Request an access token from an authentication provider: IDCS or OCI IAM.

  • Provide the access token as an authorization header when invoking a service.

Prerequisite

As a one-time setup, customers must create an OAuth client using the Retail Home Create IDCS OAuth 2.0 Client function. The OAuth client must be created against the "POM" app with the following scope:
rgbu:pom:services-customer-administrator-<ENV_ID>

where <ENV_ID> represents the unique environment identifier such as PRD1, STG1, DEV1 and so on.

For example, the DEV1 scope would be:
rgbu:pom:services-customer-administrator-DEV1

For more information about creating the OAuth client, refer to the "Creating IDCS OAuth 2.0 Client Apps" chapter in the Retail Home Administration Guide.

Requesting the Access Token

To generate a token from IDCS, the following information is needed:

  • IDCS URL

  • Client Id and Client Secret

  • OAuth Scope

The curl command below invokes an IDCS service to generate an access token:

curl -i -H 'Authorization: Basic <base64Encoded OAuth_Clientid:Secret>' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --request POST <IDCS_URL>/oauth2/v1/token -d 'grant_type=client_credentials&scope=rgbu:pom:services-customer-administrator-<ENV_ID>'

This is a standard ReST call, with the following specifics:

  • <IDCS_URL> is the IDCS URL of this instance.

  • <base64Encoded OAuth_Clientid:Secret> is the Base64-encoded OAuth Client Id and Client Secret provided as a Basic Authentication header.

  • Specify the body as:

    grant_type=client_credentials&scope=rgbu:pom:services-customer-administrator-<ENV_ID>

The response to this call will be in this format:

{
   "access_token": "<TOKEN>",
   "token_type": "Bearer",
   "expires_in": 3600
}
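
The token request and response handling described above, written out in Python as an added example (it is not part of the original Oracle documentation). The function names, the https check and the 60-second refresh margin are assumptions of this example; client id, secret and host values passed in are placeholders.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

SCOPE_PREFIX = "rgbu:pom:services-customer-administrator-"  # scope format from the page


def build_token_request(idcs_url, client_id, client_secret, env_id):
    """Build (not send) the client_credentials POST to <IDCS_URL>/oauth2/v1/token."""
    # Assumption of this example: refuse cleartext, the request carries the client secret.
    if not idcs_url.lower().startswith("https://"):
        raise ValueError("IDCS URL must use https")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCOPE_PREFIX + env_id}
    ).encode()
    return urllib.request.Request(
        idcs_url.rstrip("/") + "/oauth2/v1/token",
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        },
    )


def parse_token_response(raw, now=None, skew=60):
    """Return (Authorization header value, refresh_at) from the token endpoint's JSON."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # Refresh `skew` seconds before expires_in elapses so no call carries a stale token.
    refresh_at = now + max(int(doc["expires_in"]) - skew, 0)
    return "Bearer " + doc["access_token"], refresh_at


def fetch_bearer(idcs_url, client_id, client_secret, env_id):
    """Perform the token call over the network and return parse_token_response's result."""
    req = build_token_request(idcs_url, client_id, client_secret, env_id)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_token_response(resp.read())
```

The first value returned by parse_token_response is the string to send as the Authorization header when invoking the POM service; request a new token once the current time passes the second value.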

Invoking the POM Service

To invoke the POM ReST service, you must add an authorization header as Bearer <token>, that is:

  • The word Bearer

  • A space

  • A valid token obtained as described in Requesting the Access Token

For example, the POM nightly cycle start request would look something like the following:

curl -i -H 'Authorization: Bearer <OAuth Token>' -H 'Content-Type: application/json' --request POST 'http://<pom-server-host>/ProcessServices/services/private/executionEngine/schedules/<Schedule_Name>/execution?skipVersion' -d '{ "cycleName" : "Nightly",  "flowName" : "Nightly"}'