About Requests to Invoke Integrations

All integrations using this adapter as a trigger connection are protected by default using HTTP Basic Authentication and OAuth token-based authentication.

You currently can authenticate your requests to invoke integrations in either of the following ways:
  • Using HTTP Basic Authentication by sending the credentials of the user (that is, created in your identity domain) through the HTTP authorization header
  • Sending an OAuth access token in the header while invoking an Oracle Integration endpoint after acquiring the access token from your identity domain that serves as the OAuth authorization provider

You must have the ServiceUser role in your identity domain to invoke integrations.

Invoke Integration Endpoints Using HTTP Basic Authentication

This authentication method allows the credentials belonging to an Oracle Integration user to send the request to invoke an integration. You must create this user in your identity domain and ensure that the user was granted the role for invoking an integration.

The user can be:

  • Human - representing a business user such as a sales representative, technician, or any other person for invoking an integration
  • Nonhuman - representing a service integration account used by an external client application for invoking an integration

Even though it's easy to implement the authentication scheme, this is the least secure way to send a request to Oracle Integration for invoking an integration. Also, Oracle Integration doesn't recommend this authentication scheme.

In addition, the customer must ensure the credentials, when reset, are provided to the client application that invokes the integration to ensure a new set of credentials are being used from then on.

Assign appropriate users and groups of users to the various Oracle Integration roles. For standard/production configurations, use the ServiceUser role. See Oracle Integration Roles and Assign Oracle Integration Roles to Groups in Provisioning and Administering Oracle Integration 3.

Invoke Integration Endpoints Using OAuth Token-Based Authentication

This authentication scheme allows the external client to acquire a token that is also sent as part of the request sent to invoke an integration.

The most important step for an application in the OAuth flow is how the application receives an access token (and optionally a refresh token). A grant type is the mechanism used to retrieve the token. OAuth defines several different access grant types that represent different authorization mechanisms.

Applications can request an access token to access protected endpoints in different ways, depending on the type of grant type specified in the identity provider. A grant is a credential representing the resource owner's authorization to access a protected resource.

The following sections discuss the various grant types and their pros/cons, along with instructions on how to configure the specific grant type.