Call the Developer APIs with Client Credentials

Prerequisites to Complete

Before you can call the Oracle Integration Developer APIs with Client credentials, you must create a confidential client application and perform other prerequisites.

You must be the OCI tenant and domain administrator to configure the confidential client application and assign roles.

For instructions, see:

Access the Identity Domain.
Configure prerequisites for your grant type:
- Prerequisites for Client Credentials and Resource Owner Password Credentials

Information You Need

The following is information you need to send requests through a client.

Information You Need	Where to Find It
Design-time URL or Runtime URL, depending on your use case	See Do You Use the Design-time or Runtime URL?. Example Design-time URL: `https://design-integration-region.ocp.oraclecloud.com/` Example Runtime URL: `https://myInstance-integration-region.ocp.oraclecloud.com/`
Domain Host	You can get the identity domain host from the Domain URL field of the domain you are in. For instructions on accessing your domain, see Access the Identity Domain.
Client ID Client Secret	Add the client ID for the confidential application that you configured. To find your confidential application, access the identity domain, select Integrated Applications, select your application, and look for OAuth Configuration, then Client ID and Client Secret. For instructions, see Access the Identity Domain.
Scope	Add the same scope that you added to your confidential application. You can find the scope you added to the confidential application in your confidential application details under Token Issuance Policy. To find your confidential application, access the identity domain, select Integrated Applications, select your application, and look for OAuth Configuration, then Client ID and Client Secret. For instructions, see Access the Identity Domain. This scope allows users to access both integration endpoints and Oracle Integration Developer APIs: `https://69415C303.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all` This scope allows users to only access the Oracle Integration Developer APIs: `https://415C303.integration.ocp.oraclecloud.com:443/ic/api/`
Integration Instance	Name of the integration instance.

Configure Postman for Client Credentials

Postman Configuration page, with Authorization tab selected, fields from top to bottom are Grant Type, Access Token URL, Client ID, Client Secret, Scope, Client Authentication. There is also a Get New Access Token button

Use the Design-time URL or Runtime URL depending on your use case. See Do You Use the Design-time or Runtime URL?.
Example Design-time URL with a call to the Oracle Integration Developer API for connections:
```
https://design-integration-region.ocp.oraclecloud.com/ic/api/integration/v1/connections
```
Example Runtime URL:
```
https://myInstance-integration-region.ocp.oraclecloud.com/ic/api/integration/v1/connections
```
Note:

If you use the Runtime URL, you'll need to configure Postman to Follow Authorization Header in the request settings. This is because if you call the Oracle Integration Developer APIs with the Runtime URL, Oracle Integration redirects to the Design-time URL for the Developer APIs and the call will fail if the authorization header is missing from the request header.

In cURL, use the -l option to forward the authorization header during the redirection.
To configure Postman to forward the authorization header when using the Runtime URL:
1. In the request, click Settings and enable Follow authorization header.

Fill in the required fields.

Field	What to enter
Authorization type	`OAuth 2.0`
Grant Type	`Client credentials`
Access Token URL	Use the identity domain host you identified from your Domain URL. Example: `https://<identity_domain_host>/oauth2/v1/token`
Client ID	Add the client ID for the confidential application that you configured.
Client Secret	Add the client secret for the confidential application that you configured.
Scope	Add the same scope that you added to your confidential application.
Client Authentication	You can choose anything here, does not apply.

Click Get New Access Token.
Click Use Token.
Your token is attached to your request in the Header section.
Click Send to make the call to the API. You should get a list of connections.

cURL command for Client Credentials

Get the access token to be able to make requests with the client credentials. For example:


curl -i -H 'Authorization: Basic OGQyM...ZDA0Mjcz' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --request POST https://<identity_domain_host>/oauth2/v1/token -d 'grant_type=client_credentials&scope=https://<Resource APP Audience>urn:opc:resource:consumer::all'

Syntax:


curl -i -H 'Authorization: Basic <base64Encoded clientid:secret>' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --request POST https://<identity_domain_host>.identity.oraclecloud.com/oauth2/v1/token -d 'grant_type=client_credentials&scope=<app scope>'

where:

<identity_domain_host> is the host name in the Domain URL field of the domain you are in.
<base64-clientid-secret> - Base 64 encode clientId:ClientSecret
<app scope> - Add the same scope that you added to your confidential application.

Capture the access_token from the response.

{
    "access_token": "eyJ4NXQjG...dfsdfsFgets2ed",
    "token_type": "Bearer",
    "expires_in": 3600
}

Use the access_token in the authorization header to invoke the Oracle Integration Developer APIs.
```
curl --location --request GET 'https://<OIC_host>/ic/api/integration/v1/connections' \
--header 'Authorization: Bearer eyJ4NXQjG...dfsdfsFgets2ed'
```
- Where <oic_host> is the Design-time URL host name or Runtime URL host name. See Do You Use the Design-time or Runtime URL?.
  
  Note:
  If you use the Runtime URL host name, you'll need to use the -l option to forward the authorization header because you are automatically redirected to the Design-time host.