REST API for OAuth in Oracle Access Manager

All REST Endpoints

Admin/Application

An Application is the Resource Server that hosts the protected resources. The REST endpoint is used to Create, Read, Update and Delete an Application.

Add a new Resource Server: Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Delete a Resource Server by name or ID: Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Find OAuth Resource Server by name or ID: Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Update an existing OAuth Resource Server either based on the name of the resource server or the ID of the resource server.: Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application

Admin/Client

A Client is an application making protected resource requests on behalf of the resource owner and with the resource owner's authorization. The REST endpoint is used to Create, Read, Update and Delete a Client.

Add a new OAuth Client: Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Delete a Client by name or Client Id: Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Find OAuth Client by name or ID: Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Update an existing OAuth Client based on the name of the client.: Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client

Admin/Client Artifact

The REST endpoint is used to import and delete a Client Certificate.

Add a client certificate under a Client: Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts
Delete the certificate under a Client: Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts

Admin/Client Trust Certificates

The operations from the Admin/Client Trust Certificates category.

Add a new trust certificate for client authentication: Method: post
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Delete an oauth client trust certificate: Method: delete
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Retrieve an oauth client trust certificate: Method: get
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Update a trust certificate for client authentication: Method: put
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate

Admin/Consent Management

The REST Endpoint enables an Administrator to manage consents on User behalf. The Administrator can either view or delete user consents.

Delete User Consent's: Method: delete
Path: /oam/services/rest/consent
Find User Consent's: Method: get
Path: /oam/services/rest/consent

Admin/Identity Domain

An Identity Domain corresponds to the notion of a tenant. All clients and resource servers are created under an Identity Domain. The REST endpoint is used to Create, Read, Update and Delete and Identity Domain.

Add a new OAuth Identity Domain: Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Delete an Identity Domain by name or ID: Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Find OAuth Identity Domain by name or ID: Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Update an existing OAuth Identity Domain: Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain

Admin/KeyPair Admin

The REST endpoint is used to create, read and delete a KeyPair Artifact that can be used to sign tokens.

Add a new KeyPair: Method: post
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Delete a KeyPair based on the Alias Name: Method: delete
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Get a KeyPair or list of KeyPairs: Method: get
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair

Admin/Revoke Tokens

This Rest endpoint enables Administrators to revoke all OAuth Tokens for a particular User or all tokens for a User and Client+ResourceServer combination. Admin can also revoke all tokens issued before a specific timestamp.

Revoke tokens for a user: Method: post
Path: /oam/services/rest/consent/revoke

Admin/Template

Admin Template related REST API Support

Creates new template with given details for the entire system.: Method: post
Path: /oam/services/rest/ssa/api/v1/template/{name}
Deletes template with specified template name.: Method: delete
Path: /oam/services/rest/ssa/api/v1/template/{name}
Displays template with specified template name.: Method: get
Path: /oam/services/rest/ssa/api/v1/template/{name}
Update an existing Template based on the name of the template.: Method: put
Path: /oam/services/rest/ssa/api/v1/template/{name}

Admin/Trust Artifact

The REST endpoint is used to import and delete a certificate from the trust store under an Identity Domain.

Add a new trust artifact under an Identity Domain: Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts
Delete a Trust Artifact under an IdentityDomain based on the Artifact Identifier: Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts

Admin/mTLS Endpoint Configuration

The operations from the Admin/mTLS Endpoint Configuration category.

Create mTLS end point alias: Method: post
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
delete mTLS end point alias: Method: delete
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Read mTLS end point alias: Method: get
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Update mTLS end point alias: Method: put
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls

Runtime/Consent Management

The REST Endpoint enables an End User to manage OAuth consents. End User can either view or delete their consents. The REST Endpoint on Runtime Server are protected with OAM SSO. Thus once the user has successfully Signed In, then only the REST API will be accessible.

Delete User Consent's: Method: delete
Path: /oauth2/rest/consent
Find User Consent's: Method: get
Path: /oauth2/rest/consent

Runtime/Create Token

The REST end point is used to create an Access Token.The same end point is used for ClientCredentials Flow, Resource Owner Password Credential Flow, JWT Bearer Flow and Authorization Code Flow.

Create Access Token Flow: Method: post
Path: /oauth2/rest/token

Runtime/Dynamic Client Registration

REST endpoints for Dyanamic Client Registration/Management

Client can retrieve it's details using access token acquired through authorization flow: Method: get
Path: /oauth2/rest/dcr/client
Get the Initial access token which can be used for registration of OAuth client using DCR flow: Method: get
Path: /oauth2/rest/dcr/token
Register the client using registration token acquired for given domain: Method: post
Path: /oauth2/rest/dcr/client

Runtime/Introspect Token

The REST endpoint used introspect Oauth tokens.

Introspect OAuth tokens: Method: post
Path: /oauth2/rest/token/introspect

Runtime/Revoke Token

This REST end point can be used to revoke an access or a refresh token generated via three legged OAuth flow (Authorization Code Flow). It can also revoke the associated consent or grant by giving additional optional parameters.

Revokes given access/refresh token.: Method: post
Path: /oauth2/rest/token/revoke

Runtime/Security

The REST endpoint used to fetch public certificate of a given Identity domain.

Fetch the public certificate of a given Identity Domain: Method: get
Path: /oauth2/rest/security

Runtime/UserInfo

The REST end point to retrieve User Details for OIDC flows.

UserInfo details for OIDC flows: Method: get
Path: /oauth2/rest/userinfo

Runtime/Validate Token

The REST end point is used to validate an Access Token.

Validate Access Token Flow: Method: get
Path: /oauth2/rest/token/info