Location-Based API Requirements

Keep the following requirements in mind for properties that use Simphony Transaction Services Generation 2 (STS Gen 2):
  • The on-premises implementation of STS Gen 2 requires authentication tokens obtained from Enterprise Back Office (EBO) OpenID Connect (IDM).
  • When creating API accounts for STS Gen 2 in EBO API Account Management, set Client Scope to Both or Local to authorize tokens for use with the on-premises API.
  • Authentication tokens are valid for 14 days. Oracle recommends renewing tokens after 7 days for sufficient time to authorize a replacement token before expiration.
  • On-premises components need initial access to EBO IDM endpoints to retrieve authentication-related information for workstations running the on-premises API. For more information, see the Simphony Transaction Services API topic in the Reporting and Analytics User Guide.
  • HTTPS is required for the on-premise API.
  • A valid TLS certificate signed by a trusted root certification authority must be installed on all workstations that use the on-premises API.
  • The workstation hosting the on-premise API must be configured so the deployed TLS certificate is trusted by API clients. This includes making the complete certificate chain available, including any required intermediate and root certification authorities.

  • The certificate must be loaded in the on-premise certificate folder. Default location:

    Simphony/STS/oracle.simphony.sts.onpremise/certificate

  • The certificate file name must match the host name of the workstation running the on-premises API. The supported file extension is .pkcs12. For example: hostname.pkcs12.
  • The host name used in the API base URL must resolve to the workstation hosting the on-premise API and must match the host name covered by the deployed TLS certificate. If your environment relies on internal DNS conventions such as search domains or DNS suffixes, configure name resolution accordingly.
  • The default port for the on-premises API is 5443.

  • API paths following the base URL are the same as those used by the cloud endpoints. Example:

    https://onprem.example.net:5443/api/v1/sample/ABC/locations/biz1