An Oracle blog about Adapters

  • May 22, 2018

Invoke a REST API protected with an API-Key using Oracle Integration Cloud Service

API-Key based authentication is an increasingly popular and simple way for providing secure access to APIs. The process simply entails the resource owner to generate an API-Key for a given client application with required authorization and then share this generated API-Key. The client application is then required to pass this API-key along with the request for accessing protected resources.

Here is a step-by-step illustration of this simple but useful mechanism.

Step 1: Resource owner authenticates and generates an API Key for the given client application.
Step 2: The Resource owner shares the generated API Key with the client application.
Step 3: The client application makes a request for a resource using the API key.

The generic REST adapter has a new security policy for API Key based authentication. This policy is listed under a REST connection.

From connection Dialog, select the 'configure security' tab and select the 'API Key Based Authentication' security policy.

Specify the Generated API Key

Specify how ICS should pass the API-Key along with the request.

This step is also important. API Key Usage describes how the API key should be passed for accessing a resource. Please enter this information carefully since this usage will govern how ICS will pass the provided API Key to the endpoint.

The default value for this field is:

-H Authorization: Bearer ${api-key}

The value of ${api-key} is substituted with the provided API Key and passed as an Authorization header along with the endpoint request.


token usage




Authorization: Bearer ${api-key}

API Key is passed as a header at runtime for accessing the protected resource.

Authorization: Bearer AASDFADADX



API Key is passed as a query parameter at runtime for accessing the protected


Test and save the connection.

Next step: Use this connection in integrations just like any other connection. The API-key will be automatically passed to the endpoint while sending the request.

Join the discussion

Comments ( 1 )
  • Ashrita Bommakanti Friday, September 20, 2019
    Is there something similar to this in SOA 12c. Tryiing to invoke a rest endpoint but don;t know how to pass the api keys
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.

Recent Content