In most cases, you authenticate your custom Oracle Integrations using Basic Authentication and for this, you create a username/password in the Oracle IDCS and grant a certain role(ServiceUser, ServiceInvoker, etc.)

Oracle Integration provides a Service Integration account in which the password does not expire. The service integration account consists of a generic application role created with specific predefined rules.

You can use this account to install the connectivity agent or authenticate the custom integrations. For the Basic Authentication, we can use generic credentials: the client ID (that ends with _BASICAUTH) and the associated client secret.

Flow to create Service Integration Account

The following image depicts the complete flow to create the Service Integration account:

REST APIs used to create Service Integration applications

For all the APIs, please update the following variables:

  • IDCS_HOST
  • access_token
  • app_name
  • OracleIntegration_AppID
  • ServiceIntegration_APP_ID

API to create Service Integration application

POST https://{IDCS_HOST}/admin/v1/Apps
Authrorization: Bearer {access_token}
Sample Request:
{
   "active":true,
   "allUrlSchemesAllowed":false,
   "allowAccessControl":false,
   "allowedGrants":[
      "client_credentials",
      "urn:ietf:params:oauth:grant-type:jwt-bearer"
   ],
   "attrRenderingMetadata":[
      {
         "name":"aliasApps",
         "visible":false
      }
   ],
   "basedOnTemplate":{
      "value":"CustomWebAppTemplateId"
   },
   "clientType":"confidential",
   "displayName":"{app_name}_BASICAUTH",
   "editableAttributes":[
      {
         "name":"allowedGrants"
      },
      {
         "name":"protectableSecondaryAudiences"
      },
      {
         "name":"asOPCService"
      },
      {
         "name":"accessTokenExpiry"
      },
      {
         "name":"linkingCallbackUrl"
      },
      {
         "name":"isOAuthResource"
      },
      {
         "name":"appIcon"
      },
      {
         "name":"clientType"
      },
      {
         "name":"refreshTokenExpiry"
      },
      {
         "name":"trustScope"
      },
      {
         "name":"landingPageUrl"
      },
      {
         "name":"audience"
      },
      {
         "name":"samlServiceProvider"
      },
      {
         "name":"isLoginTarget"
      },
      {
         "name":"redirectUris"
      },
      {
         "name":"allowedScopes"
      },
      {
         "name":"tags"
      },
      {
         "name":"logoutUri"
      },
      {
         "name":"allowedOperations"
      },
      {
         "name":"termsOfUse"
      },
      {
         "name":"serviceParams"
      },
      {
         "name":"certificates"
      },
      {
         "name":"aliasApps"
      },
      {
         "name":"schemas"
      },
      {
         "name":"isWebTierPolicy"
      },
      {
         "name":"trustPolicies"
      },
      {
         "name":"logoutPageUrl"
      },
      {
         "name":"secondaryAudiences"
      },
      {
         "name":"displayName"
      },
      {
         "name":"serviceTypeURN"
      },
      {
         "name":"icon"
      },
      {
         "name":"description"
      },
      {
         "name":"isOAuthClient"
      },
      {
         "name":"allowedTags"
      },
      {
         "name":"showInMyApps"
      },
      {
         "name":"isObligationCapable"
      },
      {
         "name":"isMobileTarget"
      },
      {
         "name":"allowOffline"
      },
      {
         "name":"idpPolicy"
      },
      {
         "name":"appSignonPolicy"
      },
      {
         "name":"postLogoutRedirectUris"
      },
      {
         "name":"isFormFill"
      },
      {
         "name":"loginMechanism"
      },
      {
         "name":"serviceTypeVersion"
      },
      {
         "name":"errorPageUrl"
      },
      {
         "name":"signonPolicy"
      },
      {
         "name":"identityProviders"
      },
      {
         "name":"isSamlServiceProvider"
      },
      {
         "name":"appThumbnail"
      },
      {
         "name":"loginPageUrl"
      },
      {
         "name":"scopes"
      },
      {
         "name":"allowAccessControl"
      },
      {
         "name":"isKerberosRealm"
      },
      {
         "name":"allUrlSchemesAllowed"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptionAlgorithm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:groupAssertionAttributes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:includeSigningCertInSignature"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signResponseOrAssertion"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:assertionConsumerUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:nameIdUserstoreAttribute"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutResponseUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:succinctId"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutRequestUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:partnerProviderId"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:nameIdFormat"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutBinding"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:userAssertionAttributes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signatureHashAlgorithm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:metadata"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptAssertion"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutEnabled"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptionCertificate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signingCertificate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:federationProtocol"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:webTierPolicy:App:webTierPolicyJson"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundleConfigurationProperties"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:isAuthoritative"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:enableSync"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:adminConsentGranted"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:connected"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:flatFileBundleConfigurationProperties"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:threeLeggedOAuthCredential"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundlePoolConfiguration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:flatFileConnectorBundle"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:revealPasswordOnForm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:userNameFormTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:userNameFormExpression"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formCredentialSharingGroupID"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formCredMethod"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:syncFromTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:configuration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formFillUrlMatch"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:masterKey"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:maxRenewableAge"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:maxTicketLife"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:supportedEncryptionSaltTypes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:realmName"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:ticketFlags"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:defaultEncryptionSaltType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App:requestable"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:revealPasswordOnForm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:userNameFormExpression"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formCredMethod"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:configuration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formFillUrlMatch"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formCredentialSharingGroupID"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:userNameFormTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:dbcs:App:domainApp"
      },
      {
         "name":"active"
      },
      {
         "name":"grantedAppRoles"
      },
      {
         "name":"userRoles"
      },
      {
         "name":"adminRoles"
      },
      {
         "name":"clientSecret"
      }
   ],
   "infrastructure":false,
   "isAliasApp":false,
   "isManagedApp":false,
   "isMobileTarget":false,
   "isOAuthClient":true,
   "isOAuthResource":false,
   "isOPCService":false,
   "isSamlServiceProvider":false,
   "isUnmanagedApp":false,
   "isWebTierPolicy":false,
   "loginMechanism":"OIDC",
   "migrated":false,
   "name":{app_name}_BASICAUTH",
   "showInMyApps":false,
   "trustScope":"Explicit",
   "urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App":{
      "requestable":false
   },
   "schemas":[
      "urn:ietf:params:scim:schemas:oracle:idcs:App",
      "urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App"
   ]
}

API to search role

GET https://{IDCS_URL}/admin/v1/AppRoles?attributes=groups,urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User:appRoles&filter=displayName+co+%22ServiceInvoker%22+and+app.value+eq+%22{OracleIntegration_AppID}%22
Authrorization: Bearer {access_token}
Sample Response:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "Resources": [
        {
            "uniqueName": "5569e9ee9d83434dfdfd3434vdf_ServiceInvoker",
            "app": {
                "value": "5569e9ee9d81dfdf34343434dfd5e6440bd1b8d4e",
                "display": "dev01-axabreabdoi2-hy"
            },
            "displayName": "ServiceInvoker",
            "id": "<OracleIntegration_APP_ROLE_ID>"
        }
    ],
    "startIndex": 1,
    "itemsPerPage": 50
}

API to grant Service Integration application to Oracle Integration role

POST https://{IDCS_URL}/admin/v1/Grants
Authrorization: Bearer {access_token}
Sample Request:
{
 "app": {
  "value": "{OracleIntegration_AppID}"
 },
 "entitlement": {
  "attributeName": "appRoles",
  "attributeValue": "{OracleIntegration_APP_ROLE_ID}"
 },
 "grantMechanism": "ADMINISTRATOR_TO_APP",
 "grantee": {
  "value": "{ServiceIntegration_APP_ID}",
  "type": "App"
 },
 "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:Grant"]
}

So, these are the APIs that you have to use to create a Service Integration application.

Please watch the following video to know all the steps in detail:

If you liked the article, please like, comment, and share.

Please look at my YouTube channel for Oracle Integration-related videos and don’t forget to subscribe to our channel to get regular updates.

Further Readings

Scheduled parameters to maintain Last Run Date Time in Oracle Integration

How to Customize the Lock Screen in Oracle Visual Builder

Merging two CSV files into a single file in Oracle Integration

ERP Integration using File Based Data Import: Oracle Integration

Import Suppliers using FBDI in Oracle Integration

How to call Oracle SaaS ESS job using Oracle Integration