You must review the SEC_PAPI_INTEG_HOSTS_SOAP
configuration option on the Oracle Service Cloud site.
The SEC_PAPI_INTEG_HOSTS_SOAP
configuration defines which hosts are allowed to access the SOAP interface/APIs. Valid entries include a comma-separated list of domain names with wildcards, specific IP addresses, or IP subnet masks (for example, *.oracle.com,1.2.3.4
, 10.11.12.0/255.255.255.0
). Only users logging in from hosts matching entries in this list are allowed access to the SOAP interface/APIs. Default value for this configuration is blank.
If this value is blank (default), then the access is not IP restricted. From a security perspective, it is a best practice to have the IP addresses, ranges, or domains that known API calls should originate from. This limits API calls to come only from known/finite addresses, ranges, or domains thus protecting access to a customer’s data within their Oracle Service Cloud Site. However, the value of this configuration is dependent on the customer’s business processes.
Use the Oracle Service Cloud Config Editor to look up the value for this configuration. If the configuration is blank, then no further action is necessary for this configuration. If and only if there is one or more value(s) in this configuration (it is not blank), then you must add either the direct IP address(s), range of addresses, or domain of the server(s) for the OBIA instance at the end of the existing values.
*.mycompany.com
), or specific IP addresses (216.136.229.72
), or IP subnet masks (216.136.229.0/255.255.255.0
). You cannot use wildcards with IP addresses or just domain names. When specifying a subnet mask or range of hosts, the /255.255.255.0
component indicates that you mean to allow all possible values for the entire 216.136.229.x
range of addresses. You cannot use wildcards (*
) to specify a range of IP addresses, such as 1.2.3.*
or 1.2.3*
. It is also possible to specify a comma separated list of the above values, such as 216.136.229.72, 216.136.229.0/255.255.255.0
. Instead of or in addition to an IP address range, you can enter a domain and should include it at the end of the list of IP addresses, such as 216.136.229.72, 216.136.229.0/255.255.255.0, *.domain.com
.
Note:
When using a domain name, a network operation must execute aDNS
reverse lookup. This will result in connection delays and may induce a noticeable performance degradation of the Oracle Service Cloud Application. Whenever possible, please refrain from using a domain name.