Oracle Integration Instance APIs: Control User and Client System Access

On This Page

Access at a Glance

Area	More information
People and systems that need access
Authentication method: Several, depending on the API	The APIs have different authentication methods: Oracle Integration built-in REST APIs: OAuth 2.0 token, obtained on behalf of a user or cloud application. Customer-built APIs: Determined by the adapter that builds the API. The adapter that you use as the trigger for an integration builds the integration's API.
Authorization methods: Service roles	The APIs have different authorization methods: Oracle Integration 3 REST API and customer-built APIs: Oracle Integration service roles. See Oracle Integration 3 Service Roles in Provisioning and Administering Oracle Integration 3. OCI Process Automation REST API: Process Automation roles and process application roles: Process Automation roles provide functional security. See Process Automation Roles in Administering Oracle Cloud Infrastructure Process Automation. Process Automation roles control access to the administration and designer APIs. Process application roles provide data security. See About Process Application Roles in Using Oracle Cloud Infrastructure Process Automation. Process application roles control access to the runtime APIs. The following list identifies the administration, designer, and runtime APIs in the OCI Process Automation REST API: Credentials: Administration APIs Decision Applications: Designer APIs Decisions: Runtime APIs Dynamic Processes: Runtime APIs Process Applications: Designer APIs Processes: Runtime APIs Roles: Administration APIs User Configurations: Runtime APIs User Tasks: Runtime APIs In some situations, users have implicit access to resources, regardless of their roles. For instance: A task's assignee, candidate, and creator have implicit view access to a task. The creator of an instance has implicit view access for the instance. The Process Application Administrator role has irrevocable manage permission of all process applications. A user's access is a combination of their assigned roles and their implicit permissions. File Server in Oracle Integration 3 REST API: For details about this API's authorization methods, see File Server: Control User and Client System Access.

Area

More information

People and systems that need access

Instance users Client systems

Authentication method:

Several, depending on the API

The APIs have different authentication methods:

Oracle Integration built-in REST APIs: OAuth 2.0 token, obtained on behalf of a user or cloud application.
Customer-built APIs: Determined by the adapter that builds the API. The adapter that you use as the trigger for an integration builds the integration's API.

Authorization methods:

Service roles

The APIs have different authorization methods:

Oracle Integration 3 REST API and customer-built APIs: Oracle Integration service roles.

See Oracle Integration 3 Service Roles in Provisioning and Administering Oracle Integration 3.
OCI Process Automation REST API: Process Automation roles and process application roles:
- Process Automation roles provide functional security. See Process Automation Roles in Administering Oracle Cloud Infrastructure Process Automation.
  
  Process Automation roles control access to the administration and designer APIs.
- Process application roles provide data security. See About Process Application Roles in Using Oracle Cloud Infrastructure Process Automation.
  
  Process application roles control access to the runtime APIs.
The following list identifies the administration, designer, and runtime APIs in the OCI Process Automation REST API:
- Credentials: Administration APIs
- Decision Applications: Designer APIs
- Decisions: Runtime APIs
- Dynamic Processes: Runtime APIs
- Process Applications: Designer APIs
- Processes: Runtime APIs
- Roles: Administration APIs
- User Configurations: Runtime APIs
- User Tasks: Runtime APIs
In some situations, users have implicit access to resources, regardless of their roles. For instance:
- A task's assignee, candidate, and creator have implicit view access to a task.
- The creator of an instance has implicit view access for the instance.
- The Process Application Administrator role has irrevocable manage permission of all process applications.
A user's access is a combination of their assigned roles and their implicit permissions.
File Server in Oracle Integration 3 REST API: For details about this API's authorization methods, see File Server: Control User and Client System Access.

How to Control Access

Security goal	Owner	More information
Create an OAuth client application with the appropriate scopes so that the client can access the API		Follow the guidance for the API that you need to access: Oracle Integration REST APIs See OAuth Authentication in Oracle Integration in REST API for Oracle Integration 3. OCI Process Automation REST APIs See Security, Authentication and Authorization in REST API for Oracle Cloud Infrastructure Process Automation. File Server REST APIs See OAuth Authentication in Oracle Integration for File Server in REST API for File Server in Oracle Integration 3. Customer-built REST APIs Oracle provides a guide for using each adapter. See Configure Connection Properties in Using Integrations in Oracle Integration 3 for links to all adapter guides.
Provision the users who need to access the REST APIs		If your tenancy uses identity domains, see Workflow for Access in an Identity Domain in Provisioning and Administering Oracle Integration 3. If your tenancy doesn't use identity domains, see Workflow for Access Without an Identity Domain in Provisioning and Administering Oracle Integration 3. If any users must access the customer-built-APIs, assign them the ServiceInvoker role.

Security goal

Owner

More information

Create an OAuth client application with the appropriate scopes so that the client can access the API

Oracle Cloud Infrastructure tenant and domain administrator

Follow the guidance for the API that you need to access:

Oracle Integration REST APIs

See OAuth Authentication in Oracle Integration in REST API for Oracle Integration 3.
OCI Process Automation REST APIs

See Security, Authentication and Authorization in REST API for Oracle Cloud Infrastructure Process Automation.
File Server REST APIs

See OAuth Authentication in Oracle Integration for File Server in REST API for File Server in Oracle Integration 3.
Customer-built REST APIs

Oracle provides a guide for using each adapter. See Configure Connection Properties in Using Integrations in Oracle Integration 3 for links to all adapter guides.

Provision the users who need to access the REST APIs

Oracle Cloud Infrastructure tenant and domain administrator

If your tenancy uses identity domains, see Workflow for Access in an Identity Domain in Provisioning and Administering Oracle Integration 3.
If your tenancy doesn't use identity domains, see Workflow for Access Without an Identity Domain in Provisioning and Administering Oracle Integration 3.

If any users must access the customer-built-APIs, assign them the ServiceInvoker role.

Note:

Instance users, typically integration developers, are responsible for configuring connections to customer-built APIs. Afterwards, the developer uses the connection in an integration, finalizes the integration, and activates the integration. When the integration runs, Oracle Integration exposes the integration's customer-built APIs. These APIs follow the authentication for the adapter upon which the connection is based. Each adapter supports different authentication patterns. Oracle provides a guide for using each adapter. See Available Adapters for Connections in Using Integrations in Oracle Integration 3 for links to all adapter guides.