14 Exposing APIs for Integration
Expose REST APIs for external integrations while reusing business logic and securing access.
A PL/SQL package provides an application programming interface (API) for any solution in your workspace. However, when external systems need to integrate with your app, you need to provide them a REST API instead. It's a web service that another program can call over the network, and uses JavaScript Object Notation (JSON) as a simple way to send and receive data.
Some integrations only need to read data, while others may require creating, updating, or deleting it. If you let an outside system change your application data, you must apply the same validation and defaulting business logic used in your web user interface to keep bad data out of your system of record. In either case, you need to ensure only intended clients can access your services.
This section's example code helps you witness how two key Oracle 26ai features can cut the effort to expose APIs in half.
- Reviewing Action Items API Requirements
Review why an external system needs REST APIs to integrate with your APEX app. - Reviewing REST API Basics
Review the HTTP, JSON, SQL, and PL/SQL basics behind REST APIs. - Planning Your ORDS Service Module
Plan your ORDS service module schema alias, URL templates, and handlers. - Using SQL Developer Web REST Designer
Use SQL Developer Web REST Designer to create and navigate ORDS service definitions. - Creating and Testing Read-Only APIs
Create and test read-only REST APIs for collections and single rows. - Enforcing Business Logic in REST APIs
Apply the same business rules to REST API changes that your APEX pages use. - Controlling REST API Behavior Completely
For complete control over your ORDS REST APIs, create a full set of PL/SQL handlers. - Layering Packages for Modularity
Layer PL/SQL packages so pages and REST APIs share checks while handlers stay simple. - Simplifying REST APIs in Oracle 26ai
Simplify REST API development in Oracle 26ai with JSON type and duality views. - Securing APIs with Role-Based Access Control
Secure REST APIs with roles and OAuth 2.0 clients for authorized partner access.