Adding a REST Host in vRO is quite easy. Just run a workflow Add a REST Host and provide some details and select an Authentication type (viz. None, Basic, OAuth, OAuth 2.0, Digest, NTLM or Kerberos) or maybe you can create transient REST hosts using Scripting API. However, if you are using OAuth 2.0 for authenticating your REST hosts in vRO, you should shift your attention a little here.
With vRO 8.7, you now have an option to select a strategy on how to send the OAuth 2.0 bearer access token to your authorized request —
oauth_token query parameter & Authorization header. The newly introduced and recommended strategy is to use the Authorization header to send the token when making request to the host.
The main reason to make this change is that Authorization header is more secure as it doesn’t expose the server logs in the incoming requests as with query parameter. Also, the query parameter will be deprecated soon in the future releases of vRO. So, it is probably the time to change/update your OAuth 2.0 authorized REST hosts. One way is to simply run Update a REST Host library workflow, but we will go with the other way i.e. updating it using the Scripting API.
Create an action and copy-paste this script which has 2 inputs RESTHost and token and run it.
You can verify what token sending strategy your REST host uses by navigating to Inventory > REST-Host, selecting your host, and checking the Authorization entry.
There is more to this story. The old scripting approach of creating an OAuth 2.0 authentication by passing only the token parameter without a token sending strategy still works, and for backwards compatibility preserves the past behavior of using the query parameter strategy. This means that the the below code will work for both type of strategies (in case you have both type of REST Hosts in your inventory).