Jumpstarting ORDS REST API Development: A Comprehensive Guide for Beginners - Part 3

In the previous blog, we learned how to secure a REST API using OAuth2 and tested it using Postman. Now, in this blog post, we will take the next step and explore how to invoke a secured REST API using PL/SQL.

By the end of this blog post, you will have a clear understanding of how to integrate your PL/SQL applications with OAuth2-secured REST APIs, enabling seamless communication and secure data exchange.

So, let's dive into the world of PL/SQL and learn how to interact with OAuth2-protected REST API.

One of the greatest advantages of Oracle APEX is its collection of powerful APIs that simplify your development tasks, and one such API is APEX_WEB_SERVICE. This API allows us to easily invoke REST APIs and integrate them into our APEX applications, making our work much more convenient.

Before invoking the REST API, it is necessary to create an ACL entry for the external network service. For more detailed information on how to create an ACL entry, refer this blog

Following the same approach as we did while testing the REST API in Postman, let's proceed with the steps for generating an access token, including it in the request header, and finally invoking the REST API. 

Generate the Access Token:

By utilizing the OAUTH_AUTHENTICATE procedure of the APEX_WEB_SERVICE API, we can request an OAuth access token. This token, along with its expiration date, is stored in the global variable g_oauth_tokens. The g_oauth_tokens variable is of a record type with two subfields: token and expires.

BEGIN
    -- Get Access Token
    apex_web_service.oauth_authenticate(
        p_token_url     => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/oauth/token',
        p_client_id     => 'wF97ihe7IrSUOsZ8E5_5Eg..',
        p_client_secret => 'nIvNXfY7z8zPsdz3Clioiw..');
        
    DBMS_OUTPUT.PUT_LINE('token:'|| apex_web_service.g_oauth_token.token);
    DBMS_OUTPUT.PUT_LINE('expires:'|| To_CHAR(apex_web_service.g_oauth_token.expires,'DD-MM-YYYY HH24:MI:SS'));
END;
Next, we need to add access token in the request header. 

To set the HTTP request header in Oracle APEX, we can utilize the G_REQUEST_HEADERS global variable from the APEX_WEB_SERVICE API.  By setting the request headers using G_REQUEST_HEADERS, we can include various headers such as "Content-Type",  "Authorization", or custom headers required by the API you are interacting with.

The G_REQUEST_HEADERS is an array of type APEX_WEB_SERVICE.T_HEADER and can be accessed and modified within your PL/SQL code to set specific headers for the HTTP request.
-- Set the request header
APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).NAME := 'Header-Name';
APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).VALUE := 'Header-Value';
APEX_WEB_SERVICE.G_REQUEST_HEADERS(2).NAME := 'Authorization'; 
APEX_WEB_SERVICE.G_REQUEST_HEADERS(2).VALUE := 'Bearer [ACCESS_TOKEN]';
Here, we need to set the generated access token to the HTTP Authorization header using the G_REQUEST_HEADERS. 
-- Set the request header
APEX_WEB_SERVICE.G_REQUEST_HEADERS.DELETE(); -- clear request header
APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).NAME := 'Authorization';
APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).VALUE := 'Bearer '|| apex_web_service.g_oauth_token.token ;
Before setting the request headers for a new API call, it is important to clear the existing headers to ensure a clean slate. For more detail information, refer this blog from Martin. 

Alternative, we can also use SET_REQUEST_HEADERS procedure of APEX_WEB_SERVICE_API to set the HTTP request headers.
BEGIN
    -- Set the request header
    APEX_WEB_SERVICE.SET_REQUEST_HEADERS(
        p_name_01        => 'Authorization',
        p_value_01       => 'Bearer '|| apex_web_service.g_oauth_token.token,
        p_reset          => TRUE  -- clear the request header array
        );
END;
In the final step, we can use the MAKE_REST_REQUEST function of the APEX_WEB_SERVICE API to invoke the REST API. This function allows us to send an HTTP request and retrieve the response from the REST API. The response is returned as a CLOB data type. 
DECLARE
    v_response CLOB;
BEGIN
    -- invoke REST API to get single employee
    v_response := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
                    p_url         => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/hr/v2/employees/999',
                    p_http_method => 'GET');
END;
Now let's put everything together. 
DECLARE
    v_response CLOB; 

BEGIN
    -- Get Access Token
    apex_web_service.oauth_authenticate(
        p_token_url     => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/oauth/token',
        p_client_id     => 'wF97ihe7IrSUOsZ8E5_5Eg..',
        p_client_secret => 'nIvNXfY7z8zPsdz3Clioiw..');
        
    -- Set request header
    APEX_WEB_SERVICE.G_REQUEST_HEADERS.DELETE(); -- clear request header
    APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).NAME := 'Authorization';
    APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).VALUE := 'Bearer '|| apex_web_service.g_oauth_token.token ;
    
    -- Invoke REST API to get single employee
    v_response := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
                    p_url         => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/hr/v2/employees/999',
                    p_http_method => 'GET');
                     
    -- Handle API RESPONSE
    -- Parse JSON response and handle it accorind to your requirement
    DBMS_OUTPUT.PUT_LINE(v_response);
END;
Make a POST request to the API to create an employee:

This code demonstrates how to authenticate, set headers, define the request body, and make a POST request.
DECLARE
  v_request_body CLOB;
  v_response     CLOB;
BEGIN
     -- 
     -- Get Access Token
     --
    apex_web_service.oauth_authenticate(
        p_token_url     => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/oauth/token',
        p_client_id     => 'wF97ihe7IrSUOsZ8E5_5Eg..',
        p_client_secret => 'nIvNXfY7z8zPsdz3Clioiw..');     
    --
    -- Set Request Header
    --
    apex_web_service.g_request_headers.delete();
    apex_web_service.g_request_headers(1).name := 'Authorization';
    apex_web_service.g_request_headers(1).value := 'Bearer ' || apex_web_service.g_oauth_token.token;
    --
    -- Request body
    --
    v_request_body := '{
                        "employee_id": 999,
                        "first_name": "Rutvik",
                        "last_name": "Prajapati",
                        "email": "RPRAJAPATI",
                        "phone_number": "515.123.4444",
                        "hire_date": "2023/05/01",
                        "job_id": "AD_ASST",
                        "salary": 4400,
                        "commission_pct": null,
                        "manager_id": 101,
                        "department_id": 10
                       }';    
    --
    -- invoke webservice
    --
    v_response := APEX_WEB_SERVICE.make_rest_request(
                    p_url         => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/hr/v2/employees/',
                    p_http_method => 'POST',
                    p_body        => v_request_body);

    DBMS_OUTPUT.PUT_LINE(v_response);
END;
In this blog, we learned how to generate an access token, include it in the request header, and effectively make REST API calls using PL/SQL code. With the concepts and techniques covered in this blog, you are well-equipped to incorporate REST APIs into your APEX applications and unlock the potential of seamless integration with external services. Embrace the power of PL/SQL and REST APIs to take your application development to new heights.

Comments

  1. Roberto CapancioniJune 3, 2023 at 2:04 PM

    The best guide I've found so far on the subject!!
    I would also like to suggest another way to make the REST call:

    apex_web_service.oauth_authenticate(
    p_token_url => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/oauth/token',
    p_client_id => 'wF97ihe7IrSUOsZ8E5_5Eg..',
    p_client_secret => 'nIvNXfY7z8zPsdz3Clioiw..');

    l_response := APEX_WEB_SERVICE.MAKE_REST_REQUEST(p_url => 'https://g797c891abe3879-db1.adb.us-phoenix-1.oraclecloudapps.com/ords/apidemo/hr/v2/employees/',
    p_http_method => 'GET',
    p_scheme => 'OAUTH_CLIENT_CRED');

    ReplyDelete

Post a Comment

Popular posts from this blog

Sorting Order in Oracle APEX Classic Report

Image
In APEX, the sorting option for a classic report is divided into two aspects:  How records will be sorted when the report first renders? Whether the end-user can change the sort order interactively by clicking the column header. A classic report can be developed using either the static query or the dynamic query and the sorting behavior is different for both options. First, we will see the sorting behavior for the report based on the static query.  The below classic report is based on the static query and displays all the records of the EMP_DUP table. For this blog, I created EMP_DUP which is the same as the EMP table but contains duplicate records. The sorting aspects for this report are determined by the properties in each column's  sorting  section. The below image shows the  sorting  section for  JOB. The Default Sequence  property determines the initial sort order. Each column that participates in the initial sort order will have a unique sequence number that will determine
Read more

Multi-select List Item in Oracle APEX | Checkbox Group

Image
In my previous post , I explained how to use Shuttle Item. In this post, I will explain how to use another multi-select item Checkbox Group.  In Oracle APEX, Checkbox Group displays multiple values as checkboxes and enables end-user to select multiple values. Like the Shuttle item, the Checkbox Group also stores values of checked boxes in a colon-delimited string. We need to provide a list of values for values displayed as checkboxes.   How to create a Checkbox Group?  Create a VARCHAR2 column having a large size as it stores a colon-delimited string. Navigate to an APEX page and create a page item in a region that is based on the database table. Change its type to "Checkbox Group". Go to the "List of Values" section in the property section and select the list of values type. Here I selected "Static Values".  Click on the "Static Values" and a popup will open. Add Display Value and Return Value in this popup as shown below.  Enter the number of
Read more

OTP based Authentication in Oracle APEX using Twilio

Image
Recently, a new requirement came up to implement One Time Password (OTP) based authentication in Oracle APEX. In this, the user will enter his mobile number on the login page and will receive an OTP via SMS. The user will then enter the OTP on the login page and be able to authenticate himself in the APEX app.  When I started working on this requirement, first I identified all the steps that I need to implement for the solution.  Below are the steps that I followed: 1. Generate the OTP and temporarily store it in a database table. 2. Send the generated OTP to the user by integrating REST API to send the SMS 3. Validate the user entered OTP against the OTP that is stored in the table and authenticate the user. 4. Create a Custom Authentication Scheme. 5. Modify the login page. Let's understand each step in more detail. Step 1:  Generate the OTP and temporarily store it in a database table.  First, create a table to temporarily store the OTP for the validation. Here I created a si
Read more