1.2 OAuth Token Generation

This topic describes how to access Oracle Banking Virtual Account Management service APIs by passing an OAuth token (a JWT token in prior versions) as one of the headers.

Follow these steps to generate the OAuth token:

  1. Generate the JWT token using the endpoint and headers below. (The port used in all of the API calls below should be the PLATO-APIGATEWAY-ROUTER port.)
    Make an HTTP POST call to the endpoint below.

    URL: http://<<hostname>>:<<port>>/api-gateway/platojwtauth/

    Header: appId: SECSRV001

    Header: content-Type: application/json

    In the POST body, provide the Base64-encoded user name as username and the Base64-encoded password as password, in JSON format.

    Sample POST body:
    {
        "username": "T0JEWDAx",
        "password": "d2VsY29tZQ=="
    }
  2. Register clients for OAuth
    Make an HTTP POST call to the endpoint below.

    End Point: http://<hostname>:<port>/api-gateway/createOauthUsers

    Header: appId: SECSRV001

    Header: content-Type: application/json

    Header: userId: <USERID>

    Header: Authorization: Bearer <<JWT token created in step 1>>

    In the request body, clientId should be the Oracle Banking Virtual Account Management user ID created for Oracle Banking Digital Experience, and clientSecret should be the secret password for the OAuth client registration. The validity value specifies, in seconds, how long the token remains active.

    Sample Request Body:
    {
        "UserList": 
        [
            {
                "clientId": "client1",
                "clientSecret": "secret1",
                "validity": "86400"
            },
            {
                "clientId": "client2",
                "clientSecret": "secret2",
                "validity": "86400"
            }
        ]
    }
  3. Generate OAuth Token
    To get the OAuth token, make an HTTP POST call to the below endpoint with the clientId and clientSecret created in Step 2.

    URL: http://<<hostname>>:<<port>>/api-gateway/platojwtauth/

    Header: appId: SECSRV001

    Header: content-Type: application/json

    Header: sourceCode: <SOURCECODE>

    Note:

    The source code is the one created for Oracle Banking Digital Experience in the Figure 1-2 screen.

    In the POST body, provide the Base64-encoded clientId as username and the Base64-encoded clientSecret as password, in JSON format.

    Sample OAuth Token Response:
    {
       "super_user_locale": null,
       "scope": "resource-server-read, resource-server-write",
       "super_user": "N",
       "token_type": "bearer",
       "entity_id": "DEFAULTENTITY",
       "expires_in": "360000",
       "token": "eyJraWQiOiI5MmY4ZjA3YS1kMTBiLTQ4YjItYjVkOS0xMGIxZTg2ZjJlMzMiLCJhbGciOiJSUzI1NiJ9.
                 eyJzdWIiOiJESEFSQU5FVTEiLCJhdWQiOiJESEFSQU5FVTEiLCJuYmYiOjE2ODMxNzM5NDgsImlzcyI6
                 Imh0dHBzOi8vb2Zzcy1tdW0tNDM5Mi5zbmJvbXByc2hhcmVkMi5nYnVjZHNpbnQwMmJvbS5vcmFjbGV2
                 Y24uY29tOjcwMDgvYXBpLWdhdGV3YXkiLCJleHAiOjE2ODM1MzM5NDgsImlhdCI6MTY4MzE3Mzk0OH0.
                 XS8pFiYiu2VimP5-iM4R1lpXVNTATm76AKCRC7aWUpKE0Ua-f7ERBkoKJpP55ISu2QwzqUjwzobJskGB
                 4ElAc-F_2OgkGeY5At-IDtj_-S4947gEdbZ5gCC1NzpQHW7iYvBRr_axVJs3sV5H_bpsbYbJsUIMqbkc_
                 4-o19WYwUOVk_2myjwx3umygzGMKm6mj9ZhVWggBkvyY8k0o4OMcQKyNh_yoqg_tpf6qPUgNRicjtf0s
                 JQs-ITPRzv8V9mSfoV_v_C0LX6wEXFWPLYzawtIMYV0kMaa9FCEmrvkZNCXmR-gz07stNdL51b9U_Bvr
                 pWRoC0o9lBB3hVkhyWdBQ"
    }

    Use the OAuth token, userId, and sourceCode as headers in the Oracle Banking Digital Experience setup to access Oracle Banking Virtual Account Management service APIs.
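
The three calls above as a small Python client, added here as an illustration and not taken from Oracle's documentation or code. The function names, the `clients` mapping and the caller-supplied base URL are assumptions; the endpoints, headers and body fields are the ones listed in the steps.

```python
import base64
import json
import urllib.request

APP_ID = "SECSRV001"  # appId header value given in the steps above


def b64(value):
    """Base64-encode a credential for the POST body (an encoding, not encryption)."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def _post_spec(base_url, path, body, extra_headers=None):
    # Every call in the procedure is a JSON POST carrying the appId header.
    headers = {"appId": APP_ID, "Content-Type": "application/json", **(extra_headers or {})}
    return {"url": base_url.rstrip("/") + path, "headers": headers, "body": body}


def jwt_request(base_url, username, password):
    """Step 1: Base64-encoded user name and password in exchange for a JWT."""
    body = {"username": b64(username), "password": b64(password)}
    return _post_spec(base_url, "/api-gateway/platojwtauth/", body)


def register_clients_request(base_url, user_id, jwt, clients, validity_seconds=86400):
    """Step 2: register OAuth clients; `clients` maps clientId to clientSecret."""
    users = [{"clientId": cid, "clientSecret": secret, "validity": str(validity_seconds)}
             for cid, secret in clients.items()]
    headers = {"userId": user_id, "Authorization": "Bearer " + jwt}
    return _post_spec(base_url, "/api-gateway/createOauthUsers", {"UserList": users}, headers)


def oauth_token_request(base_url, source_code, client_id, client_secret):
    """Step 3: Base64-encoded clientId and clientSecret in exchange for an OAuth token."""
    # The endpoint path is the one the page gives for this step.
    body = {"username": b64(client_id), "password": b64(client_secret)}
    return _post_spec(base_url, "/api-gateway/platojwtauth/", body, {"sourceCode": source_code})


def send(spec, timeout=10):
    """POST a prepared request and return the parsed JSON response."""
    req = urllib.request.Request(spec["url"], data=json.dumps(spec["body"]).encode("utf-8"),
                                 headers=spec["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as response:
        return json.load(response)
```

Because Base64 is reversible by anyone who sees the request, the sample body in step 1 exposes its user name and password as written, so these calls belong on a TLS-protected gateway URL.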