Oracle Cloud Infrastructure Documentation

Use Web Services with Oracle APEX

You can interact with both SOAP and RESTful style web services from Oracle APEX in your Autonomous Database instance.

Web services enable applications to interact with one another over the web in a platform-neutral, language independent environment. In a typical web services scenario, a business application sends a request to a service at a given URL by using the HTTP protocol. The service receives the request, processes it, and returns a response. Web services are typically based on Simple Object Access Protocol (SOAP) or Representational State Transfer (REST) architectures.

Using REST Data Sources, APEX developers can declaratively access data services from a variety of REST endpoints, allowing both read and write operations. In addition to supporting smart caching rules for remote REST data, Oracle APEX also offers the unique ability to directly manipulate the results of REST data sources using industry standard SQL.

The APEX_WEB_SERVICE package enables you to integrate other systems with APEX by allowing you to interact with web services anywhere you can use PL/SQL in your application. The package contains procedures and functions to call both SOAP and RESTful style web services, and to simplify implementation of OAuth 2.0 flows.

Parent topic: Create Applications with Oracle APEX in Autonomous Database

Submit an HTTP Request to a Private Host with Oracle APEX

There are several requirements to submit an HTTP request to a private host from Oracle APEX in your Autonomous Database instance.

To submit a request to a target host on a private endpoint or behind on-premises firewalls, the target host must be accessible from the source database's Oracle Cloud Infrastructure VCN:

  1. Ensure the endpoint meets the prerequisites to submit an HTTP request, as described here: Submit an HTTP Request to a Private Host with UTL_HTTP.

  2. Add the following access control list for the desired host as ADMIN (note the private_target parameter): 

    BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => 'www.example.com',
    ace => XS$ACE_TYPE(
      privilege_list => XS$NAME_LIST('http'),
      principal_name => APEX_APPLICATION.g_flow_schema_owner,
      principal_type => XS_ACL.ptype_db),
    private_target => true);
END;
/
Note

If you set ROUTE_OUTBOUND_CONNECTIONS database property to PRIVATE_ENDPOINT, you do not need to define access control lists for individual hosts in order to access them from APEX. See Enhanced Security for Outbound Connections with Private Endpoints for more information.

Make External Calls Using a Customer-Managed Wallet with Oracle APEX

Oracle APEX on Autonomous Database is preconfigured with an Oracle Wallet that will work with most HTTPS endpoints. If you want to consume REST APIs from servers that use less common or self-signed SSL certificates, you can configure a customer-managed wallet.

Oracle APEX on Autonomous Database is preconfigured with an Oracle Wallet that contains more than 90 of the most common trusted root and intermediate SSL certificates. The APEX_WEB_SERVICE package automatically takes advantage of this Oracle Wallet without additional configuration from application developers.

If you want to consume REST APIs from servers that use less common or self-signed SSL certificates, you can configure a customer-managed wallet. First, follow configuration and deployment instructions in Prerequisites to Use a Customer-Managed Wallet with External Calls. After the wallet is deployed to your Autonomous Database, grant READ on the directory object containing the wallet to the APEX platform schema as ADMIN: 

BEGIN
  execute immediate 'grant READ on directory WALLET_DIR to ' ||
    APEX_APPLICATION.g_flow_schema_owner;
END;

Next, when you reference the wallet in APEX_WEB_SERVICE API calls, make sure to use the DIR: prefix instead of the usual FILE: prefix. For example: 

l_resp := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
  p_url         => 'https://www.example.com/',
  p_http_method => 'GET',
  p_wallet_path => 'DIR:WALLET_DIR'
);

You can also configure this wallet as the default for the entire Oracle APEX instance in APEX Administration Services by selecting Manage Instance → Instance Settings → Wallet → Wallet Path, or by setting the WALLET_PATH instance parameter.

To switch back to the preconfigured wallet, set WALLET_PATH to an empty value.

See Access Oracle APEX Administration Services for more information.

Make External Calls Using a Web Proxy with Oracle APEX

Your Oracle APEX instance does not require an outbound web proxy to make external REST APIs calls. Autonomous Databases configured with a private endpoint can use a web proxy deployed in your VCN if desired.

To use a web proxy define the following access control list as ADMIN: 

BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host           => 'www-proxy.example.com',
    lower_port     => 80,
    ace => XS$ACE_TYPE( 
      privilege_list => XS$NAME_LIST('HTTP_PROXY'),
      principal_name => APEX_APPLICATION.g_flow_schema_owner,
      principal_type => XS_ACL.ptype_db),
    private_target => true);
END;
/

Then, you can use the web proxy in APEX_WEB_SERVICE API calls: 

l_resp := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
  p_url            => 'https://www.example.com/',
  p_http_method    => 'GET',
  p_proxy_override => 'www-proxy.example.com:80'
);

You can also configure a web proxy at the application level by setting Proxy Server property on Shared Components → Application Definition → Properties page, or at the instance level in APEX Administration Services from Manage Instance → Security → Instance Proxy.

If you attempt to use a web proxy when your Autonomous Database is configured with a public endpoint, an error is returned: 

ORA-01031: insufficient privileges

See Submit an HTTP Request to a Private Host with UTL_HTTP for more information on proxies when using UTL_HTTP API.

See Access Oracle APEX Administration Services for more information.

Notes for Using Web Services with Oracle APEX

Provides notes for working with web services in Oracle APEX from an Autonomous Database instance.

Note the following when working with web services in Oracle APEX:

  • All web services must be secured. Only HTTPS services are supported on the default port (443). Connections through IP addresses are not allowed.

  • Each Autonomous Database instance is preconfigured with a network access control list (ACL) to permit outbound web service calls from Oracle APEX to public endpoints.

  • APEX_WEB_SERVICE requests do not honor the custom wallet you set with UTL_HTTP.SET_WALLET API calls.

  • There is a default limit of 50,000 outbound web service requests per APEX workspace in a rolling 24-hour period. If the limit of outbound web service calls is reached, the following SQL exception is raised on the subsequent request and the request is blocked:

    ORA-20001: You have exceeded the maximum number of web service requests per workspace. Please contact your administrator.

    You can raise or remove the default limit of outbound web service requests by setting a value for the MAX_WEBSERVICE_REQUESTS instance parameter or by updating the Maximum Web Service Requests attribute in APEX Administration Services. For example, to change the limit to 250,000, connect to your database as ADMIN using a SQL client and execute the following: 

    BEGIN
  APEX_INSTANCE_ADMIN.SET_PARAMETER('MAX_WEBSERVICE_REQUESTS', '250000');
  COMMIT;
END;
/

To learn more, see: