Configure a Confidential Application to Connect to Oracle Process Automation (OPA) from OIC

Biman Dey Sarkar
Jul 5, 2024


Introduction:

Oracle Cloud Infrastructure Process Automation is a native service for developers and business experts to quickly automate approval workflows that span your ERP, HCM, CX and any other systems. You can utilize low-code designers, prebuilt integrations, and reusable business rules to streamline repetitive processes. You can use the Oracle Cloud Infrastructure Process Automation REST API to automate and manage business processes. You must register your OPA instance in Oracle Identity Cloud Service (IDCS) as a confidential application before you can utilize the REST API with OAuth in Oracle Cloud Infrastructure Process Automation.

Configuring The Confidential Application:

In our use case, we will use the Resource Owner Password Credentials grant type in OIC to connect to OPA through its REST API. To create a confidential application, log in to your Oracle Cloud account, navigate to Identity & Security, and click Domain. Choose the domain where OPA is provisioned, since that is where the confidential application will be created. Then click Integrated Applications and click Add application.

First, add a name for your application, along with a description for future reference, and click Next. Then configure the application as a client, with the following allowed grant types:

  1. Resource owner
  2. Refresh token

Scroll down and choose your preferred Client IP address setting; in our case it is Anywhere. We selected Specific authorized resources for this application and clicked Add scope. Choose the Process Automation Service Application from the list of apps that appears when you click Add scope. To access your OPA instance from OIC, you need to add the two scopes below. Then click Next and finish.

https://{{$OPA_instance_url}}/process

https://{{$OPA_instance_url}}/decision

After the application has been created, check that all of the settings were applied successfully. Also activate the newly created application and note down its Client ID and Client Secret. These will be used in your OIC connection.

Assign Role:

Now it’s time to assign the required role. Go to the domain home and click the required domain. Then click Oracle Cloud Services, where you can see the list of all cloud services provisioned in that domain. Click the OPA instance you have provisioned.

Now scroll down to the bottom, where you need to add the newly created application. There are three different roles in OPA:

  1. ServiceAdministrator
  2. ServiceDeveloper
  3. ServiceBusinessUser

In our experience, the ServiceDeveloper role needs to be assigned to the newly created confidential application. To do that, click Manager, then Show Available Application, and tick the checkbox for the application. Similarly, a service account needs to be created in order to create an instance in OPA, and in this POC the same user is used for the role assignment. In that case, the same user should have the ServiceDeveloper role.

Test from POSTMAN:

In Postman, we will try to create an instance of the newly created application. For example, my Application Name is MyFirst_Approval_App and my Process Name is MyFirst_Approval_Process. We will use the REST API below to create the instance:

{{$OPA_INSTANCE}}/process/api/v1/instances

Here firstName and lastName are two message-based input parameters. The overall JSON structure will be as below. Please refer to the Oracle documentation on the OPA REST API for more details on how to use this API.

For authentication we will use OAuth 2.0, with Password Credentials as the grant type. The Access Token URL will be https://idcs-xxx.identity.oraclecloud.com/oauth2/v1/token. We will use the Client ID and Client Secret we created in the previous steps, along with the credentials of the service account we added as ServiceDeveloper in the OPA application roles. The scope needs to be set as below, matching what we added while creating the confidential application:

https://{{$OPA_instance_url}}/process https://{{$OPA_instance_url}}/decision
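
The same token request that Postman sends, written out as an added example (not code from the original post) so that each field of the password grant is visible. The environment variable names and the opa_scopes helper are assumptions made for illustration; the token path and the two scopes are the ones given above.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def opa_scopes(opa_instance_url):
    """The two scopes granted to the confidential application, space-separated."""
    base = opa_instance_url.rstrip("/")
    return f"{base}/process {base}/decision"


def build_token_request(idcs_url, client_id, client_secret, username, password, scope):
    """Password grant: the client authenticates with HTTP Basic, the user in the form body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        idcs_url.rstrip("/") + "/oauth2/v1/token",
        data=form,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def fetch_access_token(request, timeout=30):
    """Send the token request and return the access_token field of the JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Hypothetical variable names; values are read from the environment so the
    # client secret and service account password are not stored in the script.
    req = build_token_request(
        os.environ["IDCS_URL"],  # e.g. https://idcs-xxx.identity.oraclecloud.com
        os.environ["OPA_CLIENT_ID"],
        os.environ["OPA_CLIENT_SECRET"],
        os.environ["OPA_SERVICE_USER"],
        os.environ["OPA_SERVICE_PASSWORD"],
        opa_scopes(os.environ["OPA_INSTANCE_URL"]),
    )
    print("token received, length", len(fetch_access_token(req)))
```

The returned token is then sent as an Authorization: Bearer header on calls to the OPA REST API.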

Configure OIC Connection:

Now try to generate an access token; authentication should succeed. Next, we need to configure the same setup in OIC. We will create a REST connection similar to the Postman collection. The Connection URL will be {{$OPA_Instance_URL}}/process/api/v1. For the Security Policy, select OAuth Resource Owner Password Credential, as we require role-based authentication in OPA. Test the connection and save it.

To initiate a request, you don’t need to add any role in OPA. But if you want to take any action to complete a task, you need to make sure the user/group has been added as a member of this group with the required privilege.


I am an accomplished professional with 15 years of experience in Oracle Integration. Throughout my career, I have been deeply involved in architecting and implementing integration solutions for various organizations, enabling them to seamlessly connect and optimize their business requirements & Cloud Migration.
