3 Managing Credentials in the Credential Store

Oracle Platform Security Services (OPSS) uses the Credential Store Framework (CSF) to manage credentials in a secure form. You can view and manage credentials in the store using REST.

| Section | Method | Resource Path |
|---|---|---|
| POST Credentials Method | POST | /opss/v2/credentials |
| GET Credentials Using Map and Key Method | GET | /opss/v2/credentials/ |
| GET Credentials Using Map Method | GET | /opss/v2/credentials |
| GET Credential Using Resource ID | GET | /opss/v2/credentials/resourceId |
| PUT Credential Using Resource ID | PUT | /opss/v2/credentials/resourceId |
| DELETE Credential Using Resource ID | DELETE | /opss/v2/credentials/resourceId |

POST Credentials Method

Use the POST method to create new credentials in the credential store.

REST Request

POST /opss/v2/credentials

Request Body

Media types for the request or response body.

Media Types: application/json

The request body contains the details of the create request:

Table 3-1 Credentials Attributes

| Attribute | Description | Required |
|---|---|---|
| "userName" | Username for the credential. | Yes |
| "password" | Password for the credential. | Yes |
| "description" | Description for the credential. | Optional |
| "expiration" | Expiration date for the credential formatted as yyyy-MM-dd'T'HH:mm:ss.SSSZ. | Optional |
| "namespace" | Unique name for the credential namespace. | Yes |
| "name" | Unique name that identifies the credential. | Yes |

Response Body

The output of a POST request is a Resource ID.

cURL Example

The following example shows how to create a credential in the credential store by submitting a POST request on the REST resource using cURL.

curl -i -X POST -u username:password --data @createcred.json -H Content-Type:application/json https://myhost:7001/opss/v2/credentials

Example of Request Body

The following example shows the request body in JSON format.

{
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "namespace": "MyMap",
    "name":"myKey"
}
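The following added example (not part of the Oracle documentation) checks a create request body against Table 3-1 and builds the POST request without sending it. The function names, the HTTPS-only check, and the rejection of attributes not listed in Table 3-1 are assumptions of this example, not documented server behavior.

```python
import base64
import json
import re
import urllib.request
from datetime import datetime
from urllib.parse import urlsplit

REQUIRED = ("userName", "password", "namespace", "name")   # Table 3-1: Required = Yes
OPTIONAL = ("description", "expiration")                   # Table 3-1: Optional
# Python equivalent of the documented pattern yyyy-MM-dd'T'HH:mm:ss.SSSZ
EXPIRATION_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}")
EXPIRATION_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"


def validate_create_body(body: dict) -> list:
    """Return a list of problems; an empty list means the body matches Table 3-1."""
    problems = []
    for attr in REQUIRED:
        if not isinstance(body.get(attr), str) or not body[attr]:
            problems.append(f"missing or empty required attribute: {attr}")
    # Client-side strictness chosen for this example: catches typos such as "username".
    for attr in sorted(set(body) - set(REQUIRED) - set(OPTIONAL)):
        problems.append(f"unknown attribute: {attr}")
    exp = body.get("expiration")
    if exp is not None:
        try:
            if not isinstance(exp, str) or not EXPIRATION_RE.fullmatch(exp):
                raise ValueError(exp)
            datetime.strptime(exp, EXPIRATION_FMT)   # rejects impossible dates
        except ValueError:
            problems.append("expiration is not yyyy-MM-dd'T'HH:mm:ss.SSSZ")
    return problems


def build_create_request(base_url, body, admin_user, admin_password):
    """Build (but do not send) the POST /opss/v2/credentials request."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: Basic auth and the password travel in the request")
    problems = validate_create_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/opss/v2/credentials",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token},
    )
```

Pass the returned object to urllib.request.urlopen to submit it; reading the administrator password from a prompt or a secrets manager keeps it out of shell history and the process list.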

GET Credentials Using Map and Key Method

Use the GET method to search the entire CSF for a credential given its map and key name.

REST Request

GET /opss/v2/credentials

Response Body

Media types for the request or response body.

Media Types: application/json

The response body contains attributes for the credential. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password "https://myhost:7001/idaas/platform/opss/v2/credentials?filter=map=mymap,key=mykey"

Example of Response Header

The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following example shows the response body in JSON format.

{
    "id": "1234567890",
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "type": "PasswordCredential"
}

GET Credentials Using Map Method

Use the GET method to search the entire CSF for a list of credentials given a map name.

Note:

If a map contains generic credentials, then it will not be present in the list.

REST Request

GET /opss/v2/credentials

Response Body

Media types for the request or response body.

Media Types: application/json

The response body contains attributes for the credentials. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password "https://myhost:7001/opss/v2/credentials?filter=map=mymap"

Example of Response Header

The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following example shows the response body in JSON format.

{
    "credentials": [
        {
            "id": "1234567890",
            "userName": "myUser",
            "password": "mypass123",
            "description": "mydescription",
            "expiration": "5000-07-04T12:08:56.235-0700",
            "type": "PasswordCredential"
        },
        {
            "id": "1234567890",
            "userName": "myUser2",
            "password": "mypass123",
            "description": "mydescription",
            "expiration": "5000-07-04T12:08:56.235-0700",
            "type": "PasswordCredential"
        }
    ]
}
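The response body shown above carries each password in clear text, so a client that logs or reports on a map should mask it first. The following added example (not part of the Oracle documentation) parses a response of that shape, redacts the passwords, and sorts the entries by their "expiration" attribute; the function names, the 30-day window, and the sample values are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EXPIRATION_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"   # yyyy-MM-dd'T'HH:mm:ss.SSSZ

# Constructed response body in the shape of the example above (all values made up).
SAMPLE_RESPONSE = """{"credentials": [
  {"id": "1001", "userName": "svcBatch", "password": "constructed-pw-1",
   "expiration": "2020-01-15T00:00:00.000+0000", "type": "PasswordCredential"},
  {"id": "1002", "userName": "svcReport", "password": "constructed-pw-2",
   "expiration": "2024-06-10T09:30:00.000-0700", "type": "PasswordCredential"},
  {"id": "1003", "userName": "myUser", "password": "constructed-pw-3",
   "expiration": "5000-07-04T12:08:56.235-0700", "type": "PasswordCredential"},
  {"id": "1004", "userName": "svcNoExp", "password": "constructed-pw-4",
   "type": "PasswordCredential"}
]}"""


def redact(credential):
    """Return a copy of one credential entry with the password masked for logging."""
    safe = dict(credential)
    if "password" in safe:
        safe["password"] = "***"
    return safe


def audit_map_response(raw_json, now=None, warn_days=30):
    """Group redacted entries into expired / expiring_soon / ok / no_expiration."""
    now = now or datetime.now(timezone.utc)
    report = {"expired": [], "expiring_soon": [], "ok": [], "no_expiration": []}
    for cred in json.loads(raw_json).get("credentials", []):
        entry = redact(cred)
        exp = cred.get("expiration")          # optional attribute (Table 3-1)
        if not exp:
            report["no_expiration"].append(entry)
            continue
        expires_at = datetime.strptime(exp, EXPIRATION_FMT)
        if expires_at <= now:
            report["expired"].append(entry)
        elif expires_at - now <= timedelta(days=warn_days):
            report["expiring_soon"].append(entry)
        else:
            report["ok"].append(entry)
    return report
```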

GET Credential Using Resource ID

Use the GET method to search the entire CSF for a credential given its Resource ID.

REST Request

GET /opss/v2/credentials/resourceId

Response Body

Media types for the request or response body.

Media Types: application/json

The response body contains attributes for the credential. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password https://myhost:7001/opss/v2/credentials/1234567890

Example of Response Header

The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following example shows the response body in JSON format.

{
    "id": "1234567890",
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "type": "PasswordCredential"
}

PUT Credential Using Resource ID

Use the PUT method to update an existing credential in the credential store. The entry must exist for the operation to succeed.

REST Request

PUT /opss/v2/credentials/resourceId

Request Body

Media types for the request or response body.

Media Types: application/json

The request body contains the details of the update request.

Table 3-2 Credentials Attributes

| Attribute | Description | Required |
|---|---|---|
| "userName" | Username for the credential. | No |
| "password" | Password for the credential. | No |
| "description" | Description for the credential. | No |
| "expiration" | Expiration date for the credential formatted as yyyy-MM-dd'T'HH:mm:ss.SSSZ. | No |
| "namespace" | "myMap4" | No |
| "name" | "myKey22" | No |

cURL Example

The following example shows how to replace an existing credential in the credential store by submitting a PUT request on the REST resource using cURL.

curl -i -X PUT -u username:password --data @replacecred.json -H Content-Type:application/json https://myhost:7001/opss/v2/credentials/1234567890

Example of Request Body

The following example shows the request body in JSON format.

{
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700"
}

DELETE Credential Using Resource ID

Use the DELETE method to remove a credential from the CSF given its Resource ID. The entry must exist for the operation to succeed.

REST Request

DELETE /opss/v2/credentials/resourceId

cURL Example

The following example shows how to delete a credential from a credential store by submitting a DELETE request on the REST resource using cURL.

curl -i -X DELETE -u username:password https://myhost:7001/opss/v2/credentials/1234567890