1. Using Oracle Autonomous Database Serverless
  2. Tasks
  3. Call Web Services from Autonomous Database

Call Web Services from Autonomous Database

Describes options for calling Web Services from Autonomous Database.

There are a number of options for calling Web Services from Autonomous Database, including the following:

See PL/SQL Packages Notes for Autonomous Database for information on restrictions for UTL_HTTP on Autonomous Database.

Parent topic: Tasks

Submit an HTTP Request to a Public Host with UTL_HTTP

Provides examples to submit an HTTP request on a public host.

Submit an HTTP request for a public host www.example.com:

-- Create an Access Control List for the host
BEGIN
   DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
         host => 'www.example.com',
         ace =>  xs$ace_type(privilege_list => xs$name_list('http'),
                             principal_name => 'ADMIN',
                             principal_type => xs_acl.ptype_db));
END;
/
-- Set Oracle Wallet location (no arguments needed)
BEGIN
   UTL_HTTP.SET_WALLET('');
END;
/
-- Submit an HTTP request
SELECT UTL_HTTP.REQUEST(url => 'https://www.example.com/') FROM dual;

Note:

If your Autonomous Database instance is on a private endpoint and you want your UTL_HTTP calls to public hosts to be subject to your private endpoint VCN's egress rules, set the ROUTE_OUTBOUND_CONNECTIONS database property to PRIVATE_ENDPOINT. See Enhanced Security for Outbound Connections with Private Endpoints for more information.

See PL/SQL Packages Notes for Autonomous Database for information on restrictions for UTL_HTTP on Autonomous Database.

Parent topic: Call Web Services from Autonomous Database

Submit an HTTP Request to a Private Host with UTL_HTTP

Provides examples to submit an HTTP request on a private host.

To submit a UTL_HTTP request to a target host on a private endpoint, the target host must be accessible from the source database's Oracle Cloud Infrastructure VCN. For example, you can connect to the target host when:

  • Both the source database and the target host are in the same Oracle Cloud Infrastructure VCN.

  • The source database and the target host are in different Oracle Cloud Infrastructure VCNs that are paired.

  • The target host is an on-premises network that is connected to the source database's Oracle Cloud Infrastructure VCN using FastConnect or VPN.

To make a UTL_HTTP call to a target on a private endpoint, make sure the following ingress and egress rules are defined:

  • Define an egress rule in the source database's subnet security list or network security group such that the traffic to the target host is allowed on port 443.

  • Define an ingress rule in the target host's subnet security list or network security group such that the traffic from the source database's IP address to port 443 is allowed.

Note:

Making UTL_HTTP calls to a private host is only supported in commercial regions and US Government regions.

This feature is enabled by default in all commercial regions.

This feature is enabled by default in US Government regions for newly provisioned databases.

For existing US Government databases on a private endpoint, if you want to make UTL_HTTP from an Autonomous Database to a target in a US Government region, please file a Service Request at Oracle Cloud Support and request to enable the private endpoint in government regions database linking feature.

US Government regions include the following:

To make a UTL_HTTP call to a target on a private endpoint, use DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE and specify the private_target parameter with value TRUE. For example: 

-- Create an Access Control List for the host
BEGIN
   DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
         host => 'www.example.com',
         ace => xs$ace_type(privilege_list => xs$name_list('http'),
                             principal_name => 'ADMIN',
                             principal_type => xs_acl.ptype_db),
         private_target => TRUE);
END;
/
-- Set Oracle Wallet location (no arguments needed)
BEGIN
   UTL_HTTP.SET_WALLET('');
END;
/
-- Submit an HTTP request
SELECT UTL_HTTP.REQUEST(url => 'https://www.example.com/',
                        https_host => 'www.example.com') FROM dual;

Note:

If you set ROUTE_OUTBOUND_CONNECTIONS to PRIVATE_ENDPOINT, setting the private_target parameter to TRUE is not required in this API. See Enhanced Security for Outbound Connections with Private Endpoints for more information.

See PL/SQL Packages Notes for Autonomous Database for information on restrictions for UTL_HTTP on Autonomous Database.

Parent topic: Call Web Services from Autonomous Database

Use Credential Objects to Set HTTP Authentication

Describes how to pass a credential objects to UTL_HTTP.SET_CREDENTIAL procedure.

The UTL_HTTP.SET_CREDENTIAL procedure sets HTTP authentication information in the HTTP request header. The Web server needs this information to authorize the request.

The UTL_HTTP.SET_CREDENTIAL procedure enables you to pass credential objects to set HTTP authentication. Credential objects are schema objects, hence they can be accessed only by privileged users and enable you to configure schema-level privileges to access control the credentials. Passing credential objects is an appropriate and secure way to store and manage username/password/keys to be used for authentication.

The UTL_HTTP.SET_CREDENTIAL procedure is a secure and convenient alternative to UTL_HTTP.SET_AUTHENTICATION procedure.

Example


...
UTL_HTTP.SET_AUTHENTICATION (l_http_request, 'web_app_user', 'xxxxxxxxxxxx');
...

As shown in the example above, when you invoke SET_AUTHENTICATION procedure, you must pass the username/password in clear text as part of PL/SQL formal parameters. You might need to embed the username/password into various PL/SQL automation or cron scripts. Passing clear text passwords is a compliance issue that is addressed in UTL_HTTP.SET_CREDENTIAL procedure.

See SET_AUTHENTICATION Procedure and SET_AUTHENTICATION_FROM_WALLET Procedure for more information.

UTL_HTTP.SET_CREDENTIAL Syntax 

UTL_HTTP.SET_CREDENTIAL (
    r          IN OUT NOCOPY req,
    credential IN VARCHAR2,
    scheme     IN VARCHAR2 DEFAULT 'Basic',
    for_proxy  IN BOOLEAN  DEFAULT FALSE);

Example to pass a credential object in the SET_CREDENTIAL procedure:

  • Create a credential object:

    BEGIN DBMS_CLOUD.CREATE_CREDENTIAL (
    credential_name => 'HTTP_CRED',
    username        => 'web_app_user',
    password        => '<password>' );
END;

    This creates a credential object which creates a stored username/password pair.

    See CREATE_CREDENTIAL Procedure for more information.

    See Specifying Scheduler Job Credentials for more information.

  • Invoke UTL_HTTP.SET_CREDENTIAL procedure: 

    DECLARE
      l_http_request  UTL_HTTP.REQ;
    BEGIN 
      l_http_request := UTL_HTTP.BEGIN_REQUEST('https://www.example.com/v1/dwcsdev/SNANDAN/dwcs_small_xt1.csv');
      UTL_HTTP.SET_CREDENTIAL (l_http_request, 'HTTP_CRED','BASIC');
      ...
END;

    This example first creates a request by invoking the BEGIN_REQUEST procedure and sets HTTP authentication information in the HTTP request header by invoking the SET_CREDENTIAL procedure. The Web server needs this information to authorize the request. The value l_http_request is the HTTP request, HTTP_CRED is the credentials name and BASIC is the HTTP authentication scheme.

See UTL_HTTP for more information.

See PL/SQL Packages Notes for Autonomous Database for information on restrictions for UTL_HTTP on Autonomous Database.

Parent topic: Call Web Services from Autonomous Database