The ECE REST API uses OAuth 2.0 access tokens to authenticate client requests.

Before you can send requests to REST API services, you must acquire a valid OAuth access token. Then, your clients must pass the token in the header of every request sent to an ECE REST API service.

If you enable OAuth 2.0 authentication in HTTP Gateway, you must ensure that all incoming requests have an access token in the header. If OAuth 2.0 authentication is disabled, no access token is required. For more information, see "Enabling OAuth 2.0 Authentication in HTTP Gateway" in BRM Security Guide.

You use Oracle Access Management to set up authentication for your client requests. For more information, see "BRM REST Services Manager Security" in BRM Security Guide.