REST Adapter Capabilities

The REST Adapter can expose integrations as REST APIs by configuring a REST Adapter connection as a trigger. The REST Adapter can also consume any external REST API by configuring a REST Adapter connection as an invoke. This section identifies the capabilities of the REST Adapter when used as a trigger or invoke connection.

Note:

The REST Adapter treats all endpoints as they are exposed. The REST Adapter does not filter or change any of the APIs exposed by the application to which you are connecting. If there is a native adapter for the application to which you are connecting, use that adapter instead. If you choose to use the REST Adapter instead of the native adapter, the API restrictions and deprecation policies apply as specified in the respective application’s documentation.

To connect to the Oracle HCM Cloud SOAP APIs, see Oracle HCM Cloud Adapter Capabilities.

Capabilities When Configuring a Trigger Connection to Expose an Integration as a REST API

The REST Adapter provides the following capabilities when configured as a trigger connection to expose an integration as a REST API. When configured as a trigger connection, the REST Adapter lets your integration receive inbound messages from an application.

Expose REST Endpoints

You can expose a REST endpoint that can accept the request and process it asynchronously.

Upload Payload Formats

You can upload the following:

  • Complex XML schema definitions as a zipped archive to define data definitions for XML content during REST Adapter configuration. See Complex Schema Support.

  • Sample XML documents to define data definitions for XML content during REST Adapter configuration. The following XML documents are supported for schema generation:

    • XML with no namespace.

    • XML with a homogenous namespace.

    • XML files up to 3 MB in size.

  • Schemas with simpleTypes having the restriction facet enabled. Both named and anonymous types are supported.

Configure Endpoint Properties

You can configure the following:

  • Relative resource URI.

  • HTTP methods GET, PUT, POST, DELETE, and PATCH.

  • Template and query parameters.

  • Request/response payload.

  • REST APIs exposed using the REST Adapter are secured using Basic Authentication, OAuth token-based authentication, and JWT-based authentication.

  • REST APIs implement the HTTPS protocol, thereby enforcing all incoming requests to have transport level security.

  • Multiple operation entry points with different resource URIs and HTTP actions/verbs. Each operation represents a different pick action branch in a single integration. This feature eliminates the need to create multiple integrations (each with a separate resource URI and verb) to perform different operations. See Receive Requests for Multiple Resources in a Single REST Adapter Trigger Connection of Using Integrations in Oracle Integration 3.

  • REST APIs exposed using the REST Adapter to be CORS-compliant (see Cross-Origin Resource Sharing (CORS)).

  • Sample cURL syntax generation on the Summary page of the Adapter Endpoint Configuration Wizard for the configuration options that you have selected during REST Adapter connection configuration, such as security policy, headers, parameters, and so on. See Summary Page.

Enforce Incoming Message and Attachment Size Limitations

Support is provided for the following:

  • Ensures that incoming (trigger) message requests without attachments do not exceed the size limit. See Service Limits in Provisioning and Administering Oracle Integration 3.

    Messages with attachments (for example, multipart/mixed and multipart/form-data) are not subject to this constraint. If the size of the structured message (for example, XML/JSON) exceeds the size limit, an HTTP error code message is returned to the client: 413 Request entity too large.

  • Ensures that incoming (trigger) JSON attachments do not exceed the size limit. If the size of the JSON attachment exceeds the limit, an HTTP error code message is returned to the client: 413 Request entity too large. See Service Limits in Provisioning and Administering Oracle Integration 3.

  • Ensures that incoming (trigger) structured message payload requests (any content-type header containing JSON, XML, HTML, YAML, or YML) from a client do not exceed the size limit. If the size of the structured message exceeds these values, an HTTP error code message is returned to the client: 413 Request entity too large.

    See Service Limits in Provisioning and Administering Oracle Integration 3.

Support Multipart/Mixed and Multipart/Form-Data Types

Support is provided for the following:

Support Swagger

Automatic production of a Swagger 2.0–compliant document for REST APIs exposed using the REST Adapter is supported. This document describes the metadata for the generated REST APIs.

Expose Standard and Custom HTTP Headers

Standard and custom HTTP headers to model an integration are supported to expose standard and custom HTTP header properties to Oracle Integration for downstream processing (see Standard and Custom Header Support).

Capabilities When Configuring an Invoke Connection to Consume External REST APIs

The REST Adapter provides the following capabilities when configured as an invoke connection to consume external REST APIs. When configured as an invoke connection, the REST Adapter sends messages to a target application endpoint.

Enforce Outgoing Message and Attachment Size Limitations

Support is provided for the following:

  • Ensures that responses containing attachments for outbound REST requests do not exceed 1 GB. These attachments can be multipart/mixed, multipart/form-data, or application/octet-stream. If the attachment exceeds 1 GB, an HTTP error code message is returned: 413 Request entity too large

  • Ensures that outgoing (invoke) messages returning an unstructured payload (multipart-formdata and binary/octed-stream) from a client do not exceed the size limit.

  • Ensures that outgoing (invoke) messages returning structured message payloads (any content-type header containing JSON, XML, HTML, YAML, or YML) to a client do not exceed the size limit.

    See Service Limits in Provisioning and Administering Oracle Integration 3.

Publish OpenAPI Documents

You can publish REST-based integrations as OpenAPI documents. OpenAPI support is available when configuring the REST Adapter as an invoke connection. You provide a link to the OpenAPI document to publish or consume.

OpenAPI support enables you to perform the following tasks:

    • Publish an OpenAPI document describing an Oracle Integration REST endpoint. You can invoke the REST endpoint with the published document using a REST client such as postman.

      See Publish REST-Based Integrations as OpenAPI Documents.

    • Consume an OpenAPI document using the REST Adapter.

    OpenAPI-defined headers are automatically supported except for the standard headers that are currently disabled in the Adapter Endpoint Configuration Wizard.

Invoke Oracle Cloud Infrastructure REST APIs

You can invoke Oracle Cloud Infrastructure REST APIs such as Oracle functions, streaming, storage and so on as an integral part of Oracle Integration integration flows.

Connect to Private Resources

You can connect to private resources that are in your virtual cloud network (VCN) with a private endpoint. See Connect to Private Resources in Provisioning and Administering Oracle Integration 3 and Configure the Endpoint Access Type. This type of connection does not use the connectivity agent. The REST Adapter does not support private endpoints with trigger connections. Only invoke connections are supported.

Consume REST APIs

Support is provided for the following:

  • Consuming any REST API described using Swagger 2.0/RAML/OpenAPI documents and the Oracle Metadata Catalog. The REST Adapter can automatically discover and present the available resources and operations present in the documents for configurations. The metadata regarding operation-specific request and response messages available in the document is automatically made available for mapping and other activities.

  • Consuming external REST APIs that are not described using Swagger/RAML/OpenAPI documents. You can declaratively specify the HTTP method and the sample JSON document/XML schema for describing the shape of the request and response messages.

  • Consuming REST APIs protected using HTTP Basic Authentication, OAuth Client Credentials (two-legged flow), OAuth Resource Owner Password Credentials (two-legged flow), OAuth Authorization Code Credentials (three-legged flow), OAuth Custom Three Legged Flow, OAuth Custom Two Legged Flow, OAuth 1.0a One Legged Authentication, Amazon Web Services (AWS) Signature Version 4, and Oracle Cloud Infrastructure (OCI) Signature Version 1. There is also support for consuming APIs that are unprotected.

  • Consuming external REST APIs that are protected using transport level security. The REST Adapter supports one-way SSL and two-way SSL. Oracle Integration supports a certificate management user interface to upload public certificates for external APIs that are protected either using lesser known certifying authorities (CA) or self-signed certificates.

  • Consuming external REST APIs hosted on a two-way SSL server requiring client side (Oracle Integration) identity. Oracle Integration provides support for exchanging the client side identity with the server hosting the external API.

Invoke Amazon Web Services (AWS)

You can invoke external REST endpoints supporting the Amazon Web Services (AWS) Signature Version 4 authentication type. You can use the Amazon Web Services (AWS) Signature Version 4 security policy with the connectivity agent for scenarios in which you need to invoke AWS APIs hosted in an on-premises environment.

Configure Endpoint Properties

You can configure the following (see Configuration Parameters):

  • Relative resource URI.

  • HTTP methods GET, PUT, POST, DELETE, and PATCH.

  • Template and query parameters.

  • Request/response payload:

  • Sample cURL syntax generation on the Summary page of the Adapter Endpoint Configuration Wizard for the configuration options that you have selected during REST Adapter connection configuration, such as security policy, headers, parameters, and so on. See Summary Page.

Upload Payload Formats

Support is provided for uploading the following:
  • Sample XML documents to define the data definition for XML content during REST Adapter configuration. The following XML documents are supported for generating the data definition:

    • XML with no namespace.

    • XML with a homogenous namespace.

    • XML files up to 3 MB in size.

  • Sample JSON documents to define data definitions during REST Adapter configuration.

  • Complex XML schema definitions as a zipped archive to define data definitions for XML content during REST Adapter configuration (see Complex Schema Support).

  • Schemas with simpleTypes having the restriction facet enabled. Both named and anonymous types are supported.

Support Multipart/Mixed and Multipart/Form-Data Types

Support is provided for the following:

  • Multipart attachments (content-type: multipart/mixed, and multipart/form-data ) in request/response messages in an integration while sending a request to an external REST endpoint that accepts incoming request messages with multipart attachments and/or sends responses with multipart attachments (see Multipart Attachment Support for Trigger and Invoke Connections).

Support Resource Principal Session Tokens

You can use the Resource Principal Session Token (RPST). RPST enables an Oracle Integration instance (the resource) to authenticate itself with and consume Oracle Cloud Infrastructure services, such as Oracle Cloud Infrastructure Functions, Oracle Cloud Infrastructure Object Storage, Oracle Cloud Infrastructure Vision, and more. See Resource Principal Session Token Support and RPST and OCI Service Invocation Security Policy Use.

Support JWT Client and User Assertions

JWT client and user assertions with the OAuth Client Credentials are supported using the JWT Client Assertion security policy and the JWT User Assertion security policy, respectively. JWT assertions enable you to invoke a service provider that does not regard an OAuth client secret as secure. Trust is established with a key pair exchange instead of a client secret. See JWT Assertion Support for Outbound Invocations and Invoke a Service Provider API with a JWT Assertion.

The OAuth using the JWT User Assertion security policy also provides support for OAuth identity propagation when invoking REST API operations. OAuth identity propagation enables you to securely transfer the same user identity and access credentials across services. See Propagate OAuth User Identity Between Services.

Support Obfuscation of Sensitive Data

The obfuscation of sensitive data such as client ID, client secret, scopes, API key, and others is supported when configuring fields for the OAuth Custom Three Legged Flow security policy and the OAuth Custom Two Legged Flow security policy. See Data Obfuscation Support.

Expose Standard and Custom HTTP Headers

Support is provided for the following:

Invoke Co-located REST APIs

You can invoke co-located REST APIs in an optimized manner.

The Oracle Integration runtime determines if the endpoint being invoked is co-located by checking if the endpoint URL has a load balancer address. If the endpoint URL has a load balancer address, the endpoint is considered co-located and the HTTP request is optimized by accessing the service locally using the non-SSL HTTP protocol.

Dynamically Change Endpoints

You can dynamically change the (invoke) outbound endpoint configuration (see Support for Dynamic REST Endpoints).