What we need

[] Server URL [] Username [] Password [] API Token

Summary

1. Create dedicated API integration user account in Oracle Financials Cloud
2. Assign appropriate financial roles based on required data access
3. Obtain REST API endpoint information from Oracle instance
4. Test API access with basic authentication
5. Provide API credentials and base URL for integration

Detailed Steps

Follow these steps to configure Oracle Financials Cloud for REST API access:

Prerequisites

• Administrator access to Oracle Financials Cloud
• IT Security Manager role or equivalent permissions to access Security Console
• Understanding of your integration’s data access requirements

Creating an Oracle Financials API User

1. Log in to Oracle Financials Cloud as an administrator

   • Navigate to your Oracle Financials Cloud instance
   • Sign in with an account that has IT Security Manager role or administrator privileges

2. Access the Security Console

   • From the Oracle Cloud homepage, navigate to Tools > Security Console
   • Click on the Users tab in the left navigation pane

3. Create a new integration user

   • Click Add User button
   • Fill in the required fields:
     • First Name: API
     • Last Name: Integration
     • User Name: (e.g., api_integration_user)
     • Email: Use a dedicated service account email address
   • Set a secure password (minimum 8 characters with complexity requirements)
   • Ensure Account Status is set to Active
   • Click Save and Close

Understanding Oracle Financials Roles and Privileges

Oracle Financials Cloud uses a hierarchical role-based security model:

Predefined Job Roles

Oracle provides predefined job roles that include sets of privileges:

• Financial Integration Specialist: Designed for integration scenarios with API access privileges
• General Accountant: Access to general accounting functions
• Accounts Payable Manager: AP-specific functions and data access
• Accounts Receivable Manager: AR-specific functions and data access

Function Security Policies

These are granular privileges that control specific actions:

• Access FSCM Integration Rest Service: Allows access to REST API methods
• Download data for General Ledger Export: GL data export privileges
• Download data for Payables Export: AP data export privileges
• Download data for Receivables Export: AR data export privileges

Assigning Roles and Permissions

1. Navigate to user roles

   • In the Security Console, find the user you just created
   • Click on the user’s name to edit their profile
   • Navigate to the Roles tab

2. Option A: Use Predefined Job Roles (Recommended)

   • Click Assign Roles
   • Search for and assign Financial Integration Specialist role
   • This role includes:
     • Access to FSCM Integration REST Service
     • Download privileges for various financial modules
     • FSCM Load Interface Administration
     • General functional setups access

3. Option B: Create Custom Role with Specific Privileges

   • Go to Roles in the left navigation pane
   • Click Create Role
   • Fill in role details:
     • Name: (e.g., API_Integration_Custom_Role)
     • Role Code: (e.g., API_INTEGRATION_CUSTOM)
     • Role Category: Select Common Features - Job Roles
     • Description: Custom role for API integration with minimal required privileges
   • Click Next
   • Add Function Security Policies:
     • Access FSCM Integration Rest Service
     • Download data for General Ledger Export (if GL access needed)
     • Download data for Payables Export (if AP access needed)
     • Download data for Receivables Export (if AR access needed)
     • Download data for Assets Export (if FA access needed)
   • Click Next, skip user assignment for now
   • Click Save and Close
   • Return to your integration user and assign this custom role

4. Verify role assignments

   • Confirm the user has appropriate roles assigned
   • Note that roles are hierarchical - higher-level roles inherit lower-level privileges
   • Click Save and Close

Obtaining API Endpoint Information

1. Get server information

   • Log in to Oracle Financials Cloud
   • Navigate to Help > About Application
   • Note the Server URL (base URL for your Oracle Financials instance)

2. Construct REST API endpoint

   • The REST API endpoint follows this format:

   https://{server-url}/fscmRestApi/resources/latest/
   

Testing API Access

1. Understand Oracle’s REST API Authentication

   • Oracle Financials Cloud uses Multi Token Over SSL RESTful Service Policy
   • Supports Basic Authentication over SSL (most common for integrations)
   • Alternative authentication methods include SAML 2.0 and JWT tokens

2. Prepare for testing

   • Ensure your integration user has been assigned appropriate roles
   • Have your Oracle Financials Cloud server URL ready
   • Verify the user account is active and not locked

3. Basic connectivity test endpoints

   • Chart of Accounts: /fscmRestApi/resources/latest/chartOfAccounts?limit=1
   • General Ledger Balances: /fscmRestApi/resources/latest/ledgerBalances?limit=1
   • Suppliers: /fscmRestApi/resources/latest/suppliers?limit=1
   • Customers: /fscmRestApi/resources/latest/customers?limit=1

4. Example test commands

   Basic cURL test:

   curl -X GET "https://{server-url}/fscmRestApi/resources/latest/chartOfAccounts?limit=1" \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     -u "api_integration_user:password"
   

   Test with describe action to understand resource structure:

   curl -X GET "https://{server-url}/fscmRestApi/resources/latest/chartOfAccounts/describe" \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     -u "api_integration_user:password"
   

5. Validate successful response

   • HTTP status code should be 200
   • Response should contain JSON data structure
   • No authentication errors (401/403 status codes)
   • Verify you can access the specific financial modules you need

Security Considerations

• Store credentials securely using a password manager or secrets vault
• Never share credentials in public channels or commit to version control
• Rotate passwords periodically according to your security policies
• Assign minimum necessary privileges to the API user
• Use HTTPS for all API communications
• Monitor for unusual API usage patterns

What You’ll Need

To enable the Oracle Financials integration, provide the following credentials:

Required Information

1. Oracle Financials Server URL

   • Format: https://your-instance.fin.region.oraclecloud.com
   • Example: https://example-test.fin.us2.oraclecloud.com
   • Found in: Oracle Cloud Console > About Application

2. API Integration Username

   • The dedicated user account created for API access
   • Example: api_integration_user
   • Should be a non-human/service account

3. API Integration Password

   • Secure password for the integration user account
   • Must meet Oracle’s password complexity requirements
   • Should be rotated according to security policies

Verification Checklist

Before providing credentials, ensure:

• ✅ Integration user has been created and is active
• ✅ User has Financial Integration Specialist role or equivalent custom role
• ✅ User has Access FSCM Integration Rest Service privilege
• ✅ API access has been tested with basic connectivity test
• ✅ User can access required financial modules (GL, AP, AR, etc.)
• ✅ REST API base URL is confirmed and accessible

Data Access Scope

Confirm which financial modules the integration will access:

• General Ledger: Chart of accounts, journal entries, account balances
• Accounts Payable: Supplier data, invoices, payment information
• Accounts Receivable: Customer data, transactions, receipts
• Fixed Assets: Asset information, depreciation data
• Cash Management: Bank accounts, cash flows
• Project Accounting: Project costs and billing data

Security Note: Only grant access to the specific modules required for your integration to follow the principle of least privilege.

Integration Field Requirements

The following fields are required to configure the Oracle Financials connector in our backend:

Required Credentials

Optional Configuration

Data Module Access

Specify which Oracle Financials modules your integration will access:

• ☐ General Ledger (GL)
• ☐ Accounts Payable (AP)
• ☐ Accounts Receivable (AR)
• ☐ Fixed Assets (FA)
• ☐ Cash Management (CM)
• ☐ Project Accounting (PA)

Note: Ensure your integration user has the appropriate role assignments for the selected modules before providing these credentials.