Doubts about OAuth


I am relatively new to REST and OAuth. I understand* the basic concept but I have trouble understanding how it is used in OC WS.

The main issue is that, as far as I understand, OAuth allows me (the client) to produce a token so that server A can access my resources in server B using that token; that way I do not need to disclose my authentication info to server A.

But in OC I have just one server (with two webapps, 'OpenClinica' and 'OpenClinica-ws') and a client, so I am at odds about what to do.

This page ( gives some info, but it seems centered on accessing OC data from the Rule Designer server.

All of this leaves me with the following questions

1) Should I still use OAuth in the scenario I am talking about (one server, one client)? I assume that in that case the OC server (the web application) will serve as both OC and D in the diagram shown in the linked page.

2) How do I get the access token? What should be the client id?

If you have some example of how to test these WS on SoapUI it would be of great help, too. Or client code in almost any programming language.

Thanks in advance.

* Or at least I believe that I understand it :-D


  • toskrip Posts: 255 ✭✭

    The current state for OC 3.x is that authentication is not harmonised and different parts of the APIs use different authentication technologies:

    Session: OC RESTful URLs
    API Key: newer REST services that have been introduced with the OC Participate release
    OAuth: only used for OC Rule Designer
    Network/firewall dependent: for REST resources where there is no authentication, it needs to be handled on the network/firewall level

    In OC 4.x I believe that this will change. For new REST services it seems like API Key is the way to go.


  • Snoopy76 Posts: 18
    Thank you.

    I had missed the link to*) and thought that the only REST WS were the ones documented in

    That also answers the unasked question of why all of the REST WS that I found information for were implemented in the `web` project and not in the `ws`.


    (*) Well, I had seen the link but I did not realize it led to a different web.