Configure Proxy Service Settings

Oracle Content and Experience Cloud includes a proxy service, so that you can use REST services that have Cross-Origin Resource Sharing (CORS) limitations or require service account credentials.

Oracle Content and Experience Cloud includes a proxy service, so that you can use REST services which have Cross-Origin Resource Sharing (CORS) limitations or require service account credentials. The proxy service is a reverse proxy server. It provides a URL to which web browsers connect. The proxy service then acts as an intermediary between the web browser and a remote REST service (or endpoint). The proxy service explicitly adds CORS support to all endpoints and can optionally insert service account credentials to requests coming from web browsers.

Note:

  • This feature is currently unavailable if you have a Universal Credits subscription.

If you are using a REST server (or endpoint) which already supports CORS and doesn't require the use of service account credentials, you don't need to register it with the proxy service. You can instead register it directly with the Oracle Cloud REST API for Content Management. See Use the REST APIs, Sites SDK, and Content Delivery SDK.

  1. After you sign in to the Oracle Content and Experience Cloud web application as an administrator, click Integrations in the Administration area of the navigation menu.

  2. Under Proxy Service, select Enable.

  3. Using the following steps, define any credentials needed by your endpoints, and define the endpoints you want to use the proxy service.

Credentials

When an endpoint uses a credential, the proxy service adds basic access authentication (via the HTTP Authorization header) to requests made by web browsers. If the browser request already includes the Authorization header, the browser request Authorization header will be used instead of the one in the credential.

This gives you the flexibility to provide a read-only credential for most requests, but allow individual requests to provide their own write-capable authentication as needed.

Providing a credential to an endpoint gives all users of the endpoint the same effective permissions granted to the user defined in that credential. To ensure you don’t inadvertently create a security risk, take the following precautions:

  • Don’t provide a credential for an endpoint unless absolutely necessary. If possible, let the browser requests provide their own Authorization header instead.

  • If you must provide a credential, try to use one which has read-only access on the target endpoint.

  • Limit the allowed methods on the endpoint to what is actually required. Unless absolutely necessary, always disable the PUT, POST, and DELETE methods on an endpoint.

  • When possible, limit the Target URI for the endpoint to a specific area of functionality. For example, rather than providing the base URI to the full API such as http://example.api/, you might be able to limit it to a specific area such as http://example.api/weather/ (for weather-related requests) or http://example.api/date/ (for date-related requests).

If an endpoint requires credentials, define a credential and select it in the endpoint definition:

  1. Click Create new Credential, and complete the following information.

  2. In the Credential Name box, enter a name for the credential that will make clear to other users what the credential is for (for example, DocsAPIUser).

  3. In the Username box, enter the user that should be used to authenticate all requests with the endpoint.

  4. In the Password box, enter the password for the user you entered.

  5. In the Keywords box, optionally provide space-delimited keywords for the credential. Keywords are purely informational for your own needs and do not alter the functionality of the credential. Keywords can include alphanumeric characters, periods, hyphens, and underscores.

    The Keywords field is exposed by the proxy service API and can be viewed by non-administrator users. Never include user names, passwords, API keys, or other sensitive information in the Keywords field.

  6. Click Save.

The new credential is available to use with one or more endpoints. It appears in the Credential drop-down list when you create or edit an endpoint.

Endpoints

  1. Define the remote API endpoint you want to use the proxy service. Click Create new Endpoint, and complete the following information:

    1. In the Endpoint Name box, enter a name for the endpoint that will make clear to other users what this endpoint is (for example, Content Management API 1.1).

    2. Under Enable Endpoint, select Enabled.

      You can disable individual endpoints as necessary, rather than disabling the whole proxy service.

    3. In the Path Name box, enter a path name for the endpoint (for example, docs). This will become part of the URL path to access the endpoint (for example, /pxysvc/proxy/docs).

      The name must be unique, URL-safe, and lowercase, and it must start with a letter. It can include alphanumeric characters, hyphens, and underscores.

    4. In the Target URI box, enter the URI for the endpoint (for example, http:// service.example.com/documents/api/1.1).

    5. Under Credential, if necessary, select the credentials to use for this endpoint. This list is populated by the credentials you created using the steps above.

    6. Under HTTP Methods, select the HTTP methods you want to enable for this endpoint.

      GET and OPTIONS methods are always enabled.

    7. In the Keywords box, optionally provide space-delimited keywords for the endpoint. Keywords are purely informational for your own needs and do not alter the functionality of the endpoint. Keywords can include alphanumeric characters, periods, hyphens, and underscores.

      The Keywords field is exposed by the proxy service API and can be viewed by non-administrator users. Never include user names, passwords, API keys, or other sensitive information in the Keywords field.

    8. In the Connection Timeout box, enter the maximum number of seconds to wait when trying to make a connection with the target URI.

    9. In the Socket Timeout box, enter the maximum number of seconds to wait for a pooled connection in the proxy service.

    10. In the Connection Request Timeout box, enter the maximum number of seconds to wait when trying to make a connection with the proxy service.

    11. Test your endpoint, by clicking Save and Debug. See Debug Proxy Service Endpoints.

    12. When you’re satisfied with the result, click Save and Close.