There are several requirements to submit an HTTP request to a private host from Oracle APEX in your Autonomous Database instance.

To submit a request to a target host on a private endpoint or behind on-premises firewalls, the target host must be accessible from the source database's Oracle Cloud Infrastructure VCN:

1. Ensure the endpoint meets the prerequisites to submit an HTTP request, as described here: Submit an HTTP Request to a Private Host with UTL_HTTP.

2. Add the following access control list for the desired host as ADMIN (note the private_target parameter):

   BEGIN
     DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
       host => 'www.example.com',
       ace => XS$ACE_TYPE(
         privilege_list => XS$NAME_LIST('http'),
         principal_name => APEX_APPLICATION.g_flow_schema_owner,
         principal_type => XS_ACL.ptype_db),
       private_target => true);
   END;
   /

Oracle APEX on Autonomous Database is preconfigured with an Oracle Wallet that will work with most HTTPS endpoints. If you want to consume REST APIs from servers that use less common or self-signed SSL certificates, you can configure a customer-managed wallet.

Oracle APEX on Autonomous Database is preconfigured with an Oracle Wallet that contains more than 90 of the most common trusted root and intermediate SSL certificates. The APEX_WEB_SERVICE package automatically takes advantage of this Oracle Wallet without additional configuration from application developers.

If you want to consume REST APIs from servers that use less common or self-signed SSL certificates, you can configure a customer-managed wallet. First, follow configuration and deployment instructions in Prerequisites to Use a Customer-Managed Wallet with External Calls. After the wallet is deployed to your Autonomous Database, grant READ on the directory object containing the wallet to the APEX platform schema as ADMIN:

BEGIN
  execute immediate 'grant READ on directory WALLET_DIR to ' ||
    APEX_APPLICATION.g_flow_schema_owner;
END;

Next, when you reference the wallet in APEX_WEB_SERVICE API calls, make sure to use the DIR: prefix instead of the usual FILE: prefix. For example:

l_resp := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
  p_url         => 'https://www.example.com/',
  p_http_method => 'GET',
  p_wallet_path => 'DIR:WALLET_DIR'
);

You can also configure this wallet as the default for the entire Oracle APEX instance in APEX Administration Services by selecting Manage Instance → Instance Settings → Wallet → Wallet Path, or by setting the WALLET_PATH instance parameter.

To switch back to the preconfigured wallet, set WALLET_PATH to an empty value.

See Access Oracle APEX Administration Services for more information.

Your Oracle APEX instance does not require an outbound web proxy to make external REST APIs calls. Autonomous Databases configured with a private endpoint can use a web proxy deployed in your VCN if desired.

To use a web proxy define the following access control list as ADMIN:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host           => 'www-proxy.example.com',
    lower_port     => 80,
    ace => XS$ACE_TYPE( 
      privilege_list => XS$NAME_LIST('HTTP_PROXY'),
      principal_name => APEX_APPLICATION.g_flow_schema_owner,
      principal_type => XS_ACL.ptype_db),
    private_target => true);
END;
/

Then, you can use the web proxy in APEX_WEB_SERVICE API calls:

l_resp := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
  p_url            => 'https://www.example.com/',
  p_http_method    => 'GET',
  p_proxy_override => 'www-proxy.example.com:80'
);

You can also configure a web proxy at the application level by setting Proxy Server property on Shared Components → Application Definition → Properties page, or at the instance level in APEX Administration Services from Manage Instance → Security → Instance Proxy.

If you attempt to use a web proxy when your Autonomous Database is configured with a public endpoint, an error is returned:

ORA-01031: insufficient privileges

See Submit an HTTP Request to a Private Host with UTL_HTTP for more information on proxies when using UTL_HTTP API.

See Access Oracle APEX Administration Services for more information.

Provides notes for working with web services in Oracle APEX from an Autonomous Database instance.

Note the following when working with web services in Oracle APEX:

• All web services must be secured. Only HTTPS services are supported on the default port (443). Connections through IP addresses are not allowed.

• Each Autonomous Database instance is preconfigured with a network access control list (ACL) to permit outbound web service calls from Oracle APEX to public endpoints.

• APEX_WEB_SERVICE requests do not honor the custom wallet you set with UTL_HTTP.SET_WALLET API calls.

• There is a default limit of 50,000 outbound web service requests per APEX workspace in a rolling 24-hour period. If the limit of outbound web service calls is reached, the following SQL exception is raised on the subsequent request and the request is blocked:

  ORA-20001: You have exceeded the maximum number of web service requests per workspace. Please contact your administrator.

  You can raise or remove the default limit of outbound web service requests by setting a value for the MAX_WEBSERVICE_REQUESTS instance parameter or by updating the Maximum Web Service Requests attribute in APEX Administration Services. For example, to change the limit to 250,000, connect to your database as ADMIN using a SQL client and execute the following:

  BEGIN
    APEX_INSTANCE_ADMIN.SET_PARAMETER('MAX_WEBSERVICE_REQUESTS', '250000');
    COMMIT;
  END;
  /

To learn more, see:

• APEX_WEB_SERVICE in Oracle APEX API Reference

• Managing REST Data Sources in Oracle APEX App Builder User's Guide