the OAuth flow for "APEX-based" REST services are not suitable for programmatic access - they are all "redirect based" and they expect a browser accessing the application first, being then redirected to ORDS sign-in to get the OAuth token.
T he "Client Credentials" OAuth flow is the one you are looking for ("2-legged-flow"). Here are two links to the ORDS documentation.
But you will need ORDS 3.0 in order to have this kind of OAuth flow and you will have to define your REST Services with the ORDS package, not with APEX SQL Workshop. REST Services defined with APEX SQL Workshop cannot use the client credentials flow.
Here is also a blog posting with some sample scripts explaining this. It's in german language, so you might use Google Translate.#
I hope that helps
Thanks for your suggestion earlier.
Now I am on ORDS 3.0 and no longer getting redirected to a screen to login to get the token.
But instead getting redirected over to another screen asking "Requesting Permission to .. Access" and also I have to click on Allow Access button to get the accessToken.
The curl suggested under JSON, REST und mehr - mit der Oracle Datenbank: Bitte Anmelden: Authentifizierung für REST Dienste mit ORDS is not working either. I am getting 401 unauthorized in this case.
Trying the curl in format below:
curl http://<server>:<port>/../../oauth2/auth?response_type=token&client_id=<clientId>&client_secret=<client_secret>&state=<state> is redirecting to
HTTP/1.1 302 Moved Temporarily
Date: Thu, 16 Feb 2017 21:53:08 GMT
Set-Cookie: JSESSIONID=....; path=/; HttpOnly
Any help in this context will be great help.
how did you create your REST Services and the OAuth Clients ...? On ORDS 3.0 you have to do this with the ORDS package, as outlined in the blog example. You cannot use APEX SQL Workshop for this. You might post your scripts to this thread and I'm happy to have a look at it.
I am using ORDS package now.
Below is how the client is configured.
When I am making the curl command to get the authentication token. I see redirection to signon and followed by that I have to click on "Allow Access" button.
Is there a way to get this token programatically rather than routing via browser?
I tried suggested approach on JSON, REST und mehr - mit der Oracle Datenbank: Bitte Anmelden: Authentifizierung für REST Dienste mit ORDS
I am getting 401 unauthorized in this case.
to work without browser redirects, you have to follow exactly the blog posting. The OAuth client is configured using a PL/SQL package (OAUTH) as well: OAUTH.CREATE_CLIENT. When following each step of the blog posting, you will be able to get your access token without any browser redirect - just with the curl call.