17.6 Managing Web Credentials
Store authentication credentials for external REST services or REST Enabled SQL services.
- About Credentials
Use Web credentials to connect to external REST services or REST Enabled SQL services. - Creating Web Credentials
Create Web credentials from either Workspace Utilities or Shared Components. - Editing or Deleting Credentials
Edit or delete Web credentials from either Workspace Utilities or Shared Components. - Viewing Credential Utilization
View the Web credential Utilization report. - Viewing Credential History
View the Web credential History report.
Parent topic: Managing Application Data
17.6.1 About Credentials
Use Web credentials to connect to external REST services or REST Enabled SQL services.
Creating Web credentials securely stores and encrypts authentication credentials for use by Application Express components and API's. Credentials cannot be retrieved back in clear text. Credentials are stored at the workspace-level and therefore are visible in all applications.
Protecting Web Credentials by Defining Valid URLs
You can protect Web credentials by adding valid URLs to the Valid for URLs attribute. Adding URLs to the Valid for URLs attribute prevents Application Express from accidentally sending a sensitive credentials to a different server. Whenever a Web credentials is used, Application Express checks whether the URL matches what is defined in defined in the Valid for URLs attribute.
When adding URLs to this attribute, place each URL into a new line. The URL endpoint being used must start with one of the URLs provided here. See field-level Help for examples.
Exporting and Importing Credentials
When you export an application, used credentials are added to the export file. When you import the application into another workspace, Application Express checks whether the target workspace already contains credentials with the same static ID. If a credential already exists, the application uses it. Otherwise the credential from the import file is created in the target workspace.
About Supported Authentication Types
Web credentials support the following Authentication Types:
-
Basic Authentication - Sends username and password in Base64-encoded form as the Authorization request header.
-
OAuth2 Client Credentials Flow - Application Express exchanges the client ID and client secret for an Access Token using a token server URL. The access token is then used to perform the actual request. If the access token is expired, Application Express will transparently request a new one.
-
HTTP Header - The credential is added to the REST Request as a HTTP Header. The name of the credential is the HTTP Header name, the Secret of the credential is the HTTP Header value. Application Express does not add these secrets to the Debug log or any other logs.
-
URL Query String - The credential is added to the URL of the REST Request as a Query String Parameter (for example:
?name=value
). This option can be useful with API keys. Application Express does not add these secrets to the Debug log or any other logs. However,proxy or other intermediate servers will log these credentials in their log files.
See Also:
Parent topic: Managing Web Credentials
17.6.2 Creating Web Credentials
Create Web credentials from either Workspace Utilities or Shared Components.
To create Web credentials:
Parent topic: Managing Web Credentials
17.6.3 Editing or Deleting Credentials
Edit or delete Web credentials from either Workspace Utilities or Shared Components.
To Edit or delete Web credentials:
Parent topic: Managing Web Credentials
17.6.4 Viewing Credential Utilization
View the Web credential Utilization report.
To view Web credential Utilization report:
Parent topic: Managing Web Credentials
17.6.5 Viewing Credential History
View the Web credential History report.
To view Web credential History report:
Parent topic: Managing Web Credentials