What Is Polling Security

A polling trigger invokes an external application or service by periodically polling APIs to retrieve new data.

To securely invoke external application APIs via REST, the trigger must include authentication headers in each request. Therefore, you must implement authentication mechanisms for this purpose, which can be achieved by configuring a composite policy.

The composite security policy consists of the following key properties:

  • policyOutbound: Models the external application's authentication scheme for invoking its API. Most applications use the standard OAuth policies to protect their APIs and permit outbound calls. For supported policies, see Learn About Security Policies for Invoke Connections.
  • policyInbound: Models the security schemes that allow Oracle Integration to authenticate or validate runtime messages sent by external applications. For completeness, you must specify an inbound policy. However, this policy is a No-Op (no operation) for a polling trigger as there is no inbound traffic. Use the OAuth 2.0 Access Tokens policy, see OAuth 2.0 Access Tokens.

Here is a sample definition of the composite security policy, with a standard OAuth policy for outbound and the access tokens OAuth policy for inbound.

{
    "type": "composite",
    "description": "This policy is used by Oracle Integration to invoke a polling endpoint",
    "displayName": "Polling Composite Security Policy",
    "scope": "TRIGGER",
    "policyOutbound": {
             "type": "managed",
             "policy": "OAUTH_CLIENT_CREDENTIALS",
             "securityProperties": [
                 {
                     "name": "oauth.client.id",
                     "displayName": "Client Id",
                     "description": "Client Id",
                     "shortDescription": "Client Id",
                     "required": true,
                     "hidden": false
                 }, {
                     "name": "oauth.client.secret",
                     "displayName": "Client Secret",
                     "description": "Client Secret",
                     "shortDescription": "Client Secret",
                     "required": true,
                     "hidden": false
                 }, {
                     "name": "oauth.access.token.uri",
                     "default": "https://login.abcxyz.com/01131-a123-4321-a999-347dh4/oauth2/token",
                     "required": false,
                     "hidden": true
                 }, {
                     "name": "oauth.scope",
                     "default": "",
                     "required": false,
                     "hidden": true
                 }, {
                     "name": "oauth.request.content.type",
                     "default": "application/x-www-form-urlencoded",
                     "required": false,
                     "hidden": true
                 }, {
                     "name": "clientAuthentication",
                     "default": "client_credentials_as_header",
                     "required": false,
                     "hidden": true
                 }
             ]                 
         }
 }
    },
    "policyInbound": {
        "type": "managed",  

        "policy": "OAUTH2.0_TOKEN_VALIDATION"
    }
}