Wednesday, 9 May 2018

Service Account in Oracle API Cloud Service(CS)

Service Account is an authentication feature provided by Oracle API CS. In other words, Service Account is a resource containing credentials. Service Account can be used when a back-end service require authentication (Basic or OAuth).

Below two authentication schemes can be used with Service Account:
  • Basic Authentication
  • OAuth
Basic Authentication requires only two properties:
  • User Name
  • Password
OAuth requires properties to be configured:
  • Token Endpoint URL: The OAuth Token Provider endpoint where the access token is available
  • Scope: The scope(s) of the access request
  • Client ID: The ID which identifies the client application
  • Client Secret: The secret password associated with the client ID
  • Grant Type: Either Client Credentials or Resource Owner Password Credentials
  • Token Transfer: Transfer the token via URL or Header
Creating a Service Account

A user must be having admin privileges to create a Service Account

Below are the steps to create Service Account
  • Login to API Portal Console
  • Click on the Service Accounts from the menu
  • Click on Create button


  • Enter information as below to create Service Account
    • Service Account Name: Enter the unique service account name
    • Description(Optional): Enter a brief description of the service account
    • Account Type: Either Basic Auth or OAuth 2.0 depending on the backend service authentication mechanism
      • If Basic Auth selected, enter User Name and Password
      • If OAuth 2.0 selected, enter required information as below
        • Token Endpoint URL: Enter the URL for the OAuth token provider endpoint where the access token is available
        • Use Gateway Node Proxy((Optional) ): Click if a proxy is required to reach the token endpoint URL
        • Scope: Enter a scope, such as.READ. Separate multiple scopes with a blank space
        • Client ID: Enter the client ID.
        • Client Secret: Enter the client secret
        • Grant Type: Select Client Credentials or Resource Owner Password Credentials If Resource Owner Password Credentials selected, enter the appropriate username and password
        • Token Transfer: Click Pass Token via URL or Pass Token via Header
For now, Select Basic Auth and click on Create button


Once created, the service account will be displayed on the Service Account page



1 comment: