Secure credential management for Oracle Simphony Labor API
Obtain Client ID and Client Secret from Oracle Cloud portal under API Credentials section
POST to /oauth/token with client_credentials grant type and base64-encoded credentials
Store access_token in Postman environment with expiration timestamp for automatic refresh
Include Bearer token in Authorization header for all subsequent API calls
base_url
https://api.simphony.oracle.com
client_id
Your Oracle Client ID
client_secret
Your Oracle Client Secret
access_token
Auto-populated by pre-request script
const tokenExpiry = pm.environment.get("token_expiry");
const now = Date.now();
if (!tokenExpiry || now >= tokenExpiry) {
pm.sendRequest({
url: pm.environment.get("base_url") + "/oauth/token",
method: "POST",
header: {
"Content-Type": "application/x-www-form-urlencoded"
},
body: {
mode: "urlencoded",
urlencoded: [
{key: "grant_type", value: "client_credentials"},
{key: "client_id", value: pm.environment.get("client_id")},
{key: "client_secret", value: pm.environment.get("client_secret")},
{key: "scope", value: "labor:read employees:read"}
]
}
}, function(err, res) {
const token = res.json().access_token;
const expiresIn = res.json().expires_in;
pm.environment.set("access_token", token);
pm.environment.set("token_expiry", now + (expiresIn * 1000));
});
}
Set Authorization type to Bearer Token with value {{access_token}}
Never commit credentials to version control. Use Postman environment variables marked as secret.
Tokens expire after 60 minutes. Pre-request script handles automatic refresh before expiration.
All requests must use HTTPS. HTTP connections will be rejected by Oracle's API gateway.
Implement exponential backoff on 429 responses. Respect Oracle's rate limits to avoid throttling.