Allow Your Instance to Access Services
If your Visual Builder instance needs to access an external service, your instance needs to be included in the service's allowlist (formerly a whitelist).
A service typically uses an Access Control List (ACL), called an allowlist, to restrict the networks and services that are allowed to access it. Only users from an IP address or Virtual Cloud Network (VCN) on the allowlist are allowed access to the service. The allowlist restrictions are in addition to the standard authorization mechanisms, such as user credentials, which are always in place.
Any Visual Builder instance that requires access to an external service, such as a REST web service, must be on the external service's allowlist. To get on a web service's allowlist, you'll need to work with the web service's administrator to add an ACL access rule for your VB instance. This may require filing a Service Request with the web service's administrator. You'll typically only need to do this when creating a new VB instance that will require access to a service, or when you plan to start using a new service in a VB instance. A VB instance can be added to an allowlist at any time, even before the instance has been created.
Depending on the location and type of the service your VB instance needs to access, you'll need to provide the service's administrator with:
- the Visual Builder service VCN,
- the Oracle Cloud ID (OCID) of the Visual Builder service VCN, or
- the NAT gateway IP address of the Visual Builder service VCN.
A VB instance's service VCN, OCID and NAT gateway IP address are determined by the instance's region. For example, iad-vb-isovcn is the VB service VCN for instances in the Ashburn region. For details on what these are, see Overview of VCNs and Subnets and NAT Gateway in the OCI Documentation.
Note:
Visual Builder instances that use an Oracle DB service (ATP, DBaaS) will also have a VB management VCN. The VB management VCN OCID or NAT IP must also be added to the service's allowlist. Access from the VB management VCN is required so that schemas related to the VB service can be updated, for example, when patches or updates are applied to the instance.
You can view an instance's VB service NAT gateway IP and VCN OCID in the instance's Visual Builder Instance Information tab in the OCI console. If the instance also has a VB management NAT gateway IP and VCN OCID, they will also be displayed in the tab:
The instance details you need to provide in the Service Request will depend upon the location and type of the service your instance needs to access. In the following table you can see the VB instance details you'll need to provide to allow VB to access the different types of external services.
| To access... | You'll need... |
|---|---|
| A REST web service located in Oracle Service Network (OSN) (such as ORDS) |
You'll need to provide:
The service administrator needs to configure one access rule, to allow access from the VB runtime service VCN. |
| An autonomous database located in OSN, like ATP |
You'll need to provide:
The service administrator needs to configure two access rules, to allow access from the VB runtime service VCN and the VB management VCN. |
| an external REST web service |
You'll need to provide:
The service administrator needs to configure one access rule, to allow access from the IP address of the NAT gateway of the VB runtime service. An access rule configured for the NAT gateway is used when the service is not in the same region and OSN as your instance. |
| an external DBaaS database |
You'll need to provide:
The service administrator needs to configure two access rules, to allow access from the VB runtime service VCN NAT gateway and the VB management VCN NAT gateway. Access rules configured for the NAT gateways are used when the service is not in the same region and OSN as your instance. |