Create a Connection

Before you can build an integration, you must create the connections to the applications with which you want to share data.

To create a connection in Oracle Integration:

In the navigation pane, click Design, then Connections.
Click Create.

Note:
You can also create a connection in the integration canvas. See Define Inbound Triggers and Outbound Invokes.
In the Create connection panel, select the adapter to use for this connection. To find the adapter, scroll through the list, or enter a partial or full name in the Search field.

Enter the information that describes this connection.

Element	Description
Name	Enter a meaningful name to help others find your connection when they begin to create their own integrations.
Identifier	Automatically displays the name in capital letters that you entered in the Name field. If you modify the identifier name, don't include blank spaces (for example, `SALES OPPORTUNITY`).
Role	Select the role (direction) in which to use this connection (trigger, invoke, or both). Only the roles supported by the adapter are displayed for selection. When you select a role, only the connection properties and security policies appropriate to that role are displayed on the Connections page. If you select an adapter that supports both invoke and trigger, but select only one of those roles, you'll get an error when you try to drag the adapter into the section you didn't select. For example, assume you configure a connection for the Oracle Service Cloud (RightNow) Adapter as only an invoke. Dragging the adapter to a trigger section in the integration produces an error.
Keywords	Enter optional keywords (tags). You can search on the connection keywords on the Connections page.
Description	Enter an optional description of the connection.
Share with other projects	Note: This field only appears if you are creating a connection in a project. Select to make this connection publicly available in other projects. Connection sharing eliminates the need to create and maintain separate connections in different projects. When you configure an adapter connection in a different project, the Use a shared connection field is displayed at the top of the Connections page. If the connection you are configuring matches the same type and role as the publicly available connection, you can select that connection to reference (inherit) its resources. See Add and Share a Connection Across a Project.

Click Create.

Your connection is created. You're now ready to configure the connection properties, security policies, and (for some connections) access type.

Configure Connection Properties

Enter connection information so your application can process requests.

Go to the Properties section.
In the Connection URL field, enter the FHIR server base URL to use.
```
https://FHIR_server/fhir/r4/
```

If you want to specify optional details for TLS, two-way SSL, or an identity keystore alias name, click Optional properties.

Element	Description
TLS Version	If no value is selected, the default value used for outbound connections is Transport Layer Security (TLS) version 1.3. It's up to your discretion and the end application's requirements to select either TLS version 1.2 or 1.1 as the default. TLSv1.1 TLSv1.2 TLSv1 is no longer supported. If you previously configured a connection in a version prior to Oracle Integration 3 to use TLSv1.1, either update the connection by not selecting a value for this field or select TLSv1.2. The TLS protocol provides privacy and data integrity between two communicating computer applications. For trigger-only connections, you cannot select a TLS version. Oracle Integration accepts what it receives as long as it's TLSv1.1 or TLSv1.2.
Enable two way SSL for outbound connections (Optional)	If you are configuring the FHIR Adapter for use with a two-way SSL-enabled server, select Yes. .
Identity keystore alias name (Optional)	Enter the key alias name from the keystore file that you specified when importing the identity certificate. The alias name to provide must match the name provided for the private key entry in the JKS file.

Element

Description

TLS Version

If no value is selected, the default value used for outbound connections is Transport Layer Security (TLS) version 1.3. It's up to your discretion and the end application's requirements to select either TLS version 1.2 or 1.1 as the default.

TLSv1.1
TLSv1.2

TLSv1 is no longer supported. If you previously configured a connection in a version prior to Oracle Integration 3 to use TLSv1.1, either update the connection by not selecting a value for this field or select TLSv1.2.

The TLS protocol provides privacy and data integrity between two communicating computer applications.

For trigger-only connections, you cannot select a TLS version. Oracle Integration accepts what it receives as long as it's TLSv1.1 or TLSv1.2.

Enable two way SSL for outbound connections (Optional)

If you are configuring the FHIR Adapter for use with a two-way SSL-enabled server, select Yes.

Identity keystore alias name (Optional)

Enter the key alias name from the keystore file that you specified when importing the identity certificate.

The alias name to provide must match the name provided for the private key entry in the JKS file.

Configure Connection Security

Configure security for your FHIR Adapter connection.

Go to the Security section.

Select the security policy and specify the required details.

Selected Security Policy	Fields
Basic Authentication	Username — The name of a user who has access to the destination web service. Password — Enter the password. Confirm Password — Reenter the password.
OAuth Client Credentials	Access Token URI — The URL from which to obtain the access token. Client Id — The client identifier issued to the client during the registration process. Client Secret — The client secret. Confirm Client Secret — Reenter the client secret. Scope — The scope of the access request. Scopes enable you to specify which type of access you need. Scopes limit access for the OAuth token. They do not grant any additional permission beyond that which the user already possesses. Auth Request Media Type — The format of the data you want to receive. This is an optional parameter that can be kept blank. For example, if you are invoking Twitter APIs, you do not need to select any type. Client Authentication — You can optionally configure OAuth flows with client authentication. This is similar to the Postman user interface feature for configuring client authentication. Send client credentials as basic auth header: Pass the client ID and client secret in the header as basic authentication. Send client credentials in body: Pass the client ID and client secret in the body as form fields.
OAuth Authorization Code Credentials	Client Id — The client identifier issued to the client during the registration process. Client Secret — The client secret. Confirm Client Secret — Reenter the client secret. Authorization Code URI — The URI from which to request the authorization code. Access Token URI — URI to use for the access token. Scope — The scope of the access request. Scopes enable you to specify which type of access you need. Scopes limit access for the OAuth token. They do not grant any additional permission beyond that which the user already possesses. Client Authentication — You can optionally configure OAuth flows with client authentication. This is similar to the Postman user interface feature for configuring client authentication. Send client credentials as basic auth header: Pass the client ID and client secret in the header as basic authentication. Send client credentials in body: Pass the client ID and client secret in the body as form fields.
OAuth Custom Three Legged Flow	Authorization Request — The client application URL to which you are redirected when you provide consent. The authorization server sends a callback to Oracle Integration to obtain an access token for storage. When you create your client application, you must register a redirect URI where the client application is listening. Access Token Request — The access token request to use to fetch the access token. Specify the request using CURL syntax. For example: `-X POST method -H headers -d string_data access_token_uri?query_parameters` Refresh Token Request — The refresh token request to use to fetch the access token. This request refreshes the access token if it expires. Specify the request using CURL syntax. For example `-X POST method -H headers -d string_data refresh_token_uri?query_parameters` Sauth_code — Use regex to identify the authorization code. `code` Saccess_token — Use a regular expression (regex) to retrieve the access token. `access.[tT]oken` Srefresh_token — Use regex to retrieve the refresh token. `refresh.[tT]oken` Sexpiry — Use regex to identify when the access token expires. `expires_in` Stoken_type — Use regex to identify the access token type. `token.?[tT]ype` access_token_usage — Specify how to pass the token as multiple headers or multiple query parameters to access a protected resource. You cannot pass a mix of headers and query parameters. For headers: `-H Authorization: ${token_type} ${access_token} -H validity: 30000 -H signature: ok` You can optionally specify quotes for headers: `-H 'Authorization: ${token_type} ${access_token}' -H 'validity: 30000' -H 'signature: ok'` For query parameters: `?token=${access_token}&validity=3000&signature=ok`
OAuth Custom Two Legged Flow	Access Token Request — The access token request to use to fetch the access token. Specify the request using CURL syntax. For example: `-X POST method -H headers -d string_data access_token_uri?query_parameters` Refresh Token Request — The refresh token request to use to fetch the access token. This request refreshes the access token if it expires. Specify the request using CURL syntax. For example `-X POST method -H headers -d string_data refresh_token_uri?query_parameters` Saccess_token — Use regex to identify the access token. `access.[tT]oken` Srefresh_token — Use regex to identify the refresh token. `refresh.[tT]oken` Sexpiry — Use regex to identify when the access token expires. `expires_in` Stoken_type — Use regex to identify the access token type. `token.?[tT]ype` access_token_usage — Specify how to pass the token as multiple headers or multiple query parameters to access a protected resource. You cannot pass a mix of headers and query parameters. For headers: `-H Authorization: ${token_type} ${access_token} -H validity: 30000 -H signature: ok` You can optionally specify quotes for headers: `-H 'Authorization: ${token_type} ${access_token}' -H 'validity: 30000' -H 'signature: ok'` For query parameters: `?token=${access_token}&validity=3000&signature=ok`
OAuth Client Credentials using JWT Client Assertion Note: This policy is typically used to invoke application-driven APIs.	Access token URI — Enter the URL to which to send a request to obtain the access token. For example: `https://accounts.google.com/o/oauth2/token` JWT headers in JSON format — Upload the JWT header file in JSON format. JWT payload in JSON format — Upload the JWT payload file in JSON format. JWT private key alias — Enter the JWT private key alias. This is the same alias you specified when uploading the signing key certificate on the Certificates page. Scope — (Optional) Enter the scopes. Access token request — (Optional) Enter the request to obtain the access token. The format you specify can vary by service provider. See Variations of JWT Usage by Service Providers in Using the REST Adapter with Oracle Integration 3.
OAuth using JWT User Assertion Note: This policy is typically used on behalf of a user.	Access token URI — Enter the URL to which to send a request to obtain the access token. For example: `https://accounts.google.com/o/oauth2/token` JWT headers in JSON format — Upload the JWT header file in JSON format. JWT payload in JSON format — Upload the JWT payload file in JSON format. JWT private key alias — Enter the JWT private key alias. This is the same alias you specified when uploading the signing key certificate on the Certificates page. Scope — (Optional) Enter the scopes. Access token request — (Optional) Enter the request to obtain the access token. The format you specify can vary by service provider.
No Security Policy	If you select this security policy, no additional fields are displayed. For example, you need to access a HAPI FHIR server that requires no security policy.

Configure the Endpoint Access Type

Configure access to your endpoint. Depending on the capabilities of the adapter you are configuring, options may appear to configure access to the public internet, to a private endpoint, or to an on-premises service hosted behind a fire wall.

Select the Endpoint Access Type

Select the option for accessing your endpoint.

Option	This Option Appears If Your Adapter Supports ...
Public gateway	Connections to endpoints using the public internet.
Connectivity agent	Connections to on-premises endpoints through the connectivity agent. Click Associate agent group. The Associate agent group panel appears. Select the agent group, and click Use. To configure an agent group, you must download and install the on-premises connectivity agent. See Download and Run the Connectivity Agent Installer and About Creating Hybrid Integrations Using Oracle Integration in Using Integrations in Oracle Integration 3.

Option

This Option Appears If Your Adapter Supports ...

Public gateway

Connections to endpoints using the public internet.

Connectivity agent

Connections to on-premises endpoints through the connectivity agent.

Click Associate agent group.
The Associate agent group panel appears.
Select the agent group, and click Use.

To configure an agent group, you must download and install the on-premises connectivity agent. See Download and Run the Connectivity Agent Installer and About Creating Hybrid Integrations Using Oracle Integration in Using Integrations in Oracle Integration 3.

Test the Connection

Test your connection to ensure that it's configured successfully.

In the page title bar, click Test. What happens next depends on whether your adapter connection uses a Web Services Description Language (WSDL) file. Only some adapter connections use WSDLs.

If Your Connection...	Then...
Doesn't use a WSDL	The test starts automatically and validates the inputs you provided for the connection.
Uses a WSDL	A dialog prompts you to select the type of connection testing to perform: Validate and Test: Performs a full validation of the WSDL, including processing of the imported schemas and WSDLs. Complete validation can take several minutes depending on the number of imported schemas and WSDLs. No requests are sent to the operations exposed in the WSDL. Test: Connects to the WSDL URL and performs a syntax check on the WSDL. No requests are sent to the operations exposed in the WSDL.

If Your Connection...

Then...

Doesn't use a WSDL

The test starts automatically and validates the inputs you provided for the connection.

Uses a WSDL

A dialog prompts you to select the type of connection testing to perform:

Validate and Test: Performs a full validation of the WSDL, including processing of the imported schemas and WSDLs. Complete validation can take several minutes depending on the number of imported schemas and WSDLs. No requests are sent to the operations exposed in the WSDL.
Test: Connects to the WSDL URL and performs a syntax check on the WSDL. No requests are sent to the operations exposed in the WSDL.

Wait for a message about the results of the connection test.
- If the test was successful, then the connection is configured properly.
- If the test failed, then edit the configuration details you entered. Check for typos and verify URLs and credentials. Continue to test until the connection is successful.
When complete, click Save.