Use Web Services with Oracle APEX

You can interact with both SOAP and RESTful style web services from Oracle APEX (APEX) in your Autonomous Database instance.

Web services enable applications to interact with one another over the web in a platform-neutral, language independent environment. In a typical web services scenario, a business application sends a request to a service at a given URL by using the HTTP protocol. The service receives the request, processes it, and returns a response. Web services are typically based on Simple Object Access Protocol (SOAP) or Representational State Transfer (REST) architectures.

Using REST Data Sources (formerly called Web Source Modules), APEX developers can declaratively access data services from a variety of REST endpoints, allowing both read and write operations. In addition to supporting smart caching rules for remote REST data, Oracle APEX also offers the unique ability to directly manipulate the results of REST data sources using industry standard SQL.

The APEX_WEB_SERVICE package enables you to integrate other systems with APEX by allowing you to interact with web services anywhere you can use PL/SQL in your application. The package contains procedures and functions to call both SOAP and RESTful style web services, and to simplify implementation of OAuth 2.0 flows.

Note the following when working with web services in APEX with Autonomous Database:

  • All web services must be secured. Only HTTPS services are supported on the default port (443). Connections through IP addresses are not allowed. Your APEX instance is preconfigured with an Oracle Wallet that contains more than 90 of the most common trusted root and intermediate SSL certificates. The APEX_WEB_SERVICE package automatically takes advantage of this Oracle Wallet without additional configuration from application developers.

  • Each Autonomous Database instance is preconfigured with a network access control list (ACL) to permit outbound web service calls from Oracle APEX to public endpoints.

  • In order to reach endpoints in private subnets or behind on-premises firewalls, ensure they meet the prerequisites from this section, Submit an HTTP Request to a Private Host with UTL_HTTP, and add the following access control list for the desired host:

           host => '',
           ace => XS$ACE_TYPE( 
               privilege_list => XS$NAME_LIST('http'),
               principal_name => APEX_APPLICATION.g_flow_schema_owner,
               principal_type => XS_ACL.ptype_db),
           private_target => true);


    If you set ROUTE_OUTBOUND_CONNECTIONS database property to PRIVATE_ENDPOINT, you do not need to define access control lists for individual hosts in order to access them from APEX. Enhanced Security for Outbound Connections with Private Endpoints
  • Your APEX instance does not require an outbound web proxy. Attempting to use a web proxy at the API call level or application level shows the error: ORA-01031: insufficient privileges.

  • There is a default limit of 50,000 outbound web service requests per APEX workspace in a rolling 24-hour period. If the limit of outbound web service calls is reached, the following SQL exception is raised on the subsequent request and the request is blocked:

    ORA-20001: You have exceeded the maximum number of web service requests per workspace. Please contact your administrator.

    You can raise or remove the default limit of outbound web service requests by setting a value for the MAX_WEBSERVICE_REQUESTS instance parameter or by updating the Maximum Web Service Requests attribute in APEX Administration Services. For example, to change the limit to 250,000, connect to your database as ADMIN using a SQL client and execute the following:


To learn more, see: