By default, an Oracle SOA Cloud Service instance is accessible only through secure protocols like SSL and SSH, and only using specific ports. But you’re able to customize the default security configuration to support different access rules and security policies.
To provide the highest level of network security, Oracle SOA Cloud Service implements an “access by exception” architecture. You must explicitly grant network access to your service instance for administrators, application users or other cloud services. Similarly, if you want your service instance to be accessible over a non-secure protocol like HTTP, you must change the default configuration.