For some REST services, authorization is required in order to make requests against it. For an Oracle Forms application, such authorization credentials are stored in OPSS with an associated "key" name. This key name is referenced from the Forms application as a "Credential ID".

When the Forms application runs and attempts to make a REST call, it uses the Credential ID provided by the application developer. If this Credential ID (or key) is found in OPSS, its details are included with the call. If credentials are required by the service but are not provided, the call fails. Details of this failure are found in the ODL (Oracle Diagnostic Logging) for Forms, but a failure may also be presented to the user as a typical Forms error alert, unless the application code is able to catch or handle this failure condition.

In some cases, the REST service may provide multiple variants of an authorization token or REST server URL—such as one for a production version of the REST service and one for a beta version of the REST service with improved or additional functionality. The OPSS credentials may be constructed so as to enable an end user to select a variant by specifying a specific value for the config parameter in the URL that invokes the Forms application that accesses the REST service. When config=default is specified—or the config parameter is omitted—the variant which is designated as the default variant is selected. The default variant is also selected if there is no OPSS credential corresponding to the config parameter specified in the URL.

The key for the OPSS credential for a default variant must consist of alphanumeric characters and the special characters: underscore [ _ ], dot [.], and hyphen [-]. OPSS credential keys are case-insensitive. The key should be chosen jointly by the administrator and the Forms application developer whose application needs to access the REST service. The Forms application developer may suggest a key. The sysadmin must ensure that it is not already in use.

The key for the OPSS credential for a non-default variant is formed by appending the equals sign [=] and the desired config section name to the OPSS credential for the default variant. The config section name must also consist of alphanumeric characters and the special characters: underscore [ _ ], dot [.], and hyphen [-].