Authenticate

Oracle Machine Learning REST APIs, such as the REST API for Embedded Python Execution, use tokens to authenticate an Oracle Machine Learning user.

You access the Oracle Machine Learning for Python REST API Embedded Python Execution functions over HTTP and must provide the following information for authentication:

  • User name and password for your Oracle Machine Learning Cloud Service account.

To authenticate and obtain a token, use cURL with the -d option to pass the user name and password for your Oracle Machine Learning account against the Oracle Machine Learning User Management Cloud Service REST endpoint /oauth2/v1/token.

Example of cURL command to send request to Oracle Machine Learning User Management Cloud Service REST endpoint /oauth2/v1/token: 

$ curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' 
-d '{"grant_type":"password", "username":"'${username}'", "password":"'${password}'"}' 
"<oml-cloud-service-location-url>/omlusers/api/oauth2/v1/token"

The example uses the following values:

  • username is the user name of an Oracle Machine Learning user who has the OML DEVELOPER role.
  • password is the password for your username.
  • oml-cloud-service-location-url is an URL containing the REST server portion of the Oracle Machine Learning User Management Cloud Service instance URL that includes the tenancy ID, database name, and the location name. You can obtain the omlserver URL from the Development tab in the Service Console of your Oracle Autonomous Database instance.

    Note:

    When a token expires, all calls to the OML Services REST endpoints will return a message stating that the token has expired along with the HTTP error: HTTP/1.1 401 Unauthorized

Refresh the Token

Once the token is generated, it remains valid for 60 minutes. It expires after that. You can refresh the token before it expires by running the code below:

$ curl -i -k -X POST --header 'Content-Type: application/json' 
--header 'Accept: application/json' --header 
"Authorization: Bearer ${token}" -d '{"grant_type":"refresh_token", "refresh_token":"'${token}'"}' 
"${omlservice}/omlusers/api/oauth2/v1/token"

HTTP/1.0 200 Connection Established

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 20:55:54 GMT
Content-Type: application/json
Content-Length: 1266
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self' static.oracle.com; img-src 'self' data: static.oracle.com; media-src 'none'; object-src 'none'; script-src 'self' static.oracle.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' static.oracle.com 'unsafe-inline'; frame-ancestors 'none'

{"accessToken":"eyJh........qiUFxJ8Y","tokenType":null,"expiresIn":3600}

Revoke the Token

You can revoke your token at any time to invalidate it, preventing further access. The following cURL command illustrates how to revokes the token:

curl -X POST --header 'Content-Type: application/json' 
--header 'Accept: application/json' -d '{"grant_type":"password", "username":"'${username}'", "password":"'${password}'"}' 
"${omlservice}/omlusers/api/oauth2/v1/token/revoke"