Overview of the REST Outbound Filter Service
In Application Administration > Web Services > Outbound REST Services, you can provide the Request and Response Filter inputs using any Business Service and Business Service Methods as shown in the following figure, provided that the Business Service and its methods can modify the payload and add necessary header or security parameters.
The REST Outbound Filter Service can be used to do the following:
- Add additional host addresses. The Filter service can be used to update the host in the payload at runtime.
- Use any other Business Service to configure the Filters for Request/Response payload customization and to add any custom headers.
- Use any other Business Service to configure the Filters for injecting the security-related parameters other than basic authentication, such as OAuth, API-Key and other authentication mechanisms into the Request/Response payload.
- The Payload can be intercepted, after validation at the Siebel layer before it is
sent out using the Filter service and the payload has the below structure and
format, where there is a top-level property set and inside it there are separate
child property set, such as:
- Top level Propertset
- url Propertset
- query Propertset
- body Propertset
- security Propertset
- misc Propertset
- header Propertset
- Top level Propertset
- The user can inject any property into the property set of url, query, body, and
header and at the appropriate place. Let's say for example the user wants to add
some header (say OAuth header or token), then using the Filter service the user can
intercept the payload and inject the header parameter into the header property set
using the Filter Business Service server script. Likewise, the user can add any
parameter to any of the above listed child property set to tune the payload if
required. The
miscproperty set mentioned above is for internal usage of Siebel. Thesecurityproperty set is used only for basic authentication as of now. - This injection of property or tuning of the payload is solely left to the user and is no more validated for correctness after filter service invocation, hence the user needs to be cautious in adding the properties at the right place into the right child property set of the payload PropertySet.
- User should only alter or add properties and should not alter the hierarchy of the property set i.e. different types child property set under top level property set.
- Below is a sample property set to show how intercepted property set looks at the
filter
service.
> Type = - > Child property set #1 at level 1: - > Value = - > Type = url - > httpMethod = POST - > url = https://oicpmapdev-oicpm.integration.ocp.oraclecloud.com:443/ic/api/integration/v1/flows/rest/ORCL-BA-SBL_LOY_MEM_SYNC_TO_CT/1.0/296-187967036 - > Child property set #2 at level 1: - > Value = - > Type = query - > query = - > Child property set #3 at level 1: - > Value = - > Type = body - - > Child property set #1 at level 2: - - > Value = - - > Type = IO1ORCLBASBLLOYMEMSYNCTOCT1 - - - > Child property set #1 at level 3: - - - > Value = - - - > Type = RootIC1 - - - - > Child property set #1 at level 4: - - - - > Value = - - - - > Type = ListOfSiebelMessage__SKIP__WRAPPER - - - - - > Child property set #1 at level 5: - - - - - > Value = - - - - - > Type = SiebelMessage - - - - - > string_IntObjectFormat = Siebel Hierarchical - - - - - > string_IntObjectName = Base LOY Member CT - - - - - - > Child property set #1 at level 6: - - - - - - > Value = - - - - - - > Type = ListOfLOY_0x737063_Member_0x737063_CT__SKIP__WRAPPER - - - - - - - > Child property set #1 at level 7: - - - - - - - > Value = - - - - - - - > Type = LOY_0x737063_Member_0x737063_CT - - - - - - - > string_Status = Active - - - - - - - > string_Last_Name = int - - - - - - - > string_First_Name = memberss - - - - - - - > string_Country = - - - - - - - > string_Id = 88-33WSAK - - - - - - - > string_Gender = - - - - - - - > string_Last_Update = 10/31/2022 09:26:51 - - - - - - - > string_Email_Address = - - - - - - - > string_Middle_Name = - - - - - - - > string_Birth_Date = 10/04/1998 - - - - - - - > string_Con_Last_Update = 10/27/2022 11:24:07 - - - - - - - > string_City = - - - - - - - > string_Postal_Code = - - - - - - - > string_Member_Number = 296-187967036 - > Child property set #4 at level 1: - > Value = - > Type = security - > password = XXXXXX - > type = basic - > username = +++++++ - > Child property set #5 at level 1: - > Value = - > Type = misc - > serviceMethod = memnumpost1 - > Child property set #6 at level 1: - > Value = - > Type = header - Adding security headers to REST Outbond request:
Security headers can be added to outbound payload in two ways:
- Adding script in PreInvokeMethod of the proxy business service:
To add security headers into the pay load, see the "Configuring OAuth Support for Siebel REST Outbound Connections" topic in the Security Guide.
- Using filter service to inject the parameters into the payload/response
using custom Filter Service:
- Create a new business service 'RESTFilterTesting' with UpdateInput and UpdateOutput methods.
- Create a business service Service_PreInvokeMethod script with the
below
code:
function Service_PreInvokeMethod (MethodName, Inputs, Outputs) { var j; var token_type = "tokentype"; var access_token = "1234567890"; if(MethodName == "UpdateInput" && Inputs != null) { for (var i = 0; i < Inputs.GetChildCount(); i++) { j = Inputs.GetChild(i); if(j.GetType() == "header") { j.SetProperty("Authorization", token_type + " " + access_token); break; } } } return (CancelOperation); } - Configure Administration – Web Service -> Outbound REST Services screen with the above for Request and Response Filter under Filters for the REST Service -> Service Methods that you need to inject these above parameters.
- You need to add appropriate script if required to intercept the
response like script below and configuring the method (for example
UpdateOutput) at the Administration – Web Service -> Outbound REST
Services screen with the above for Filter business service under
Filters for the REST Service -> Service
Methods.
function Service_PreInvokeMethod (MethodName, Inputs, Outputs) { if(MethodName == "UpdateOutput" && Outputs!= null) { // write your script code here to update the response } return (CancelOperation); }Below is the sample updated Request done by the Filter business service script above:
> Value = > Type = - > Child property set #1 at level 1: - > Value = - > Type = url - > httpMethod = POST - > url = https://https://petstore3.swagger.io/api/v3/pet - > Child property set #2 at level 1: - > Value = - > Type = query - > query = - > Child property set #3 at level 1: - > Value = - > Type = body - - > Child property set #1 at level 2: - - > Value = - - > Type = Req2SwaggerPetstoreOpenAPI30:body - - - > Child property set #1 at level 3: - - - > Value = - - - > Type = ReqBody__SKIP__WRAPPER - - - - > Child property set #1 at level 4: - - - - > Value = - - - - > Type = pet - - - - > long_id = 512312459 - - - - > string_status = pending - - - - > string_name = kk5name123 - - - - - > Child property set #1 at level 5: - - - - - > Value = - - - - - > Type = category - - - - - > long_id = 11 - - - - - > string_name = categorykk5name - - - - - > Child property set #2 at level 5: - - - - - > Value = - - - - - > Type = ListOftags__Array - - - - - - > Child property set #1 at level 6: - - - - - - > Value = - - - - - - > Type = tags - - - - - - > long_id = 5 - - - - - - > string_name = tagskk15name - - - - - - > Child property set #2 at level 6: - - - - - - > Value = - - - - - - > Type = tags - - - - - - > long_id = 6 - - - - - - > string_name = tagskk25name - - - - - > Child property set #3 at level 5: - - - - - > Value = - - - - - > Type = ListOfphotoUrls__Primitive - - - - - - > Child property set #1 at level 6: - - - - - - > Value = - - - - - - > Type = photoUrls - - - - - - > string_elem__value = 55 - - - - - - > Child property set #2 at level 6: - - - - - - > Value = - - - - - - > Type = photoUrls - - - - - - > string_elem__value = 66 - > Child property set #4 at level 1: - > Value = - > Type = security - > Child property set #5 at level 1: - > Value = - > Type = misc - > serviceMethod = addPet - > Child property set #6 at level 1: - > Value = - > Type = header - > Authorization = tokentype 1234567890 - > Content-Type = application/json
- Adding script in PreInvokeMethod of the proxy business service:
Note: For Siebel Update 21.8 to 22.8 user must follow the first approach of adding script to
PreInvokeMethod of the proxy business service as described in the Siebel Security Guide
-> Using OAuth with Siebel REST -> Configuring OAuth Support for Siebel REST Outbound
Connections. After 22.9 to add security header, user can either follow the first
approach or follow filter service approach of 22.9 guide. The difference is that, till
22.8 the steps are to add a Proxy Business Service Method Argument (Name:
"Authorization:header") and then add a script in the proxy business service's
Service_PreInvokeMethod event handler to assign value to this parameter. Post Siebel
Update 22.9, this can be achieved by using the Custom Filter service step for injecting
the "Authorization" or any other parameter as described in this topic.