Web Services in Oracle Fusion cloud

What is an API?

The term “API” stands for Application Programming Interface. If you break that down word by word, you can get a pretty good grasp of what it means. An API is an interface that can be used to program software that interacts with an existing application. In practice, an API is “a set of functions and procedures” that allow you to access and build upon the data and functionality of an existing application.

What is Web Service?

Simply put, a web service is a resource that’s made available over the internet. Therefore, web services, by definition, require a network. The term “web service” is defined by W3C (the World Wide Web Consortium) and so it technically follows a whole host of standards.

A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.

API vs Web Service

API and Web service serve as a means of communication. The only difference is that a Web service facilitates interaction between two machines over a network. An API acts as an interface between two different applications so that they can communicate with each other. 

SOAP Service 

Simple Object Access Protocol (SOAP) is an XML based protocol for accessing web services over an HTTP. Oracle provided SOAP services are mainly used to access, create and update data in Oracle ERP Cloud.

REST Service

Representational state transfer (REST) is an architectural style, or design pattern, for APIs. Oracle Cloud REST API’s are typical REST API’s that use HTTP requests and responses to view and manage data stored in Oracle ERP cloud.

Oracle provides two types of web services i.e. SOAP and REST services which are used to integrate applications within enterprise or expose business functions to customers.


StyleProtocolArchitectural Style
Data FormatOnly XMLHTML, XML, JSON and Plain Text
SecurityWS-Security and SSLSSL and HTTPS
Data CacheCan’t CacheCan Cache
BandwidthRequires more resources and bandwidthRequires less resources and is light weight
OperationsNo fixed methods and could contain any operation depending on designer’s implementationCRUD Operations methods like – POST, GET, PUT and DELETE

Oracle Fusion Applications Web Services

Oracle Fusion Applications provides web services as one of many mechanisms to integrate with and extend Oracle Fusion Applications in Oracle Applications Cloud Services. The web services are typically based on a business objects and allow the caller to perform operations on the business objects. As an example, the Opportunity Service can be used to perform a find operation to identify opportunities meeting a search criteria or to perform an update to a field, like a quantity on a particular revenue item, on an opportunity.

REST API’s for Common Features in Oracle Applications Cloud

URL: – https://docs.oracle.com/en/cloud/saas/applications-common/19c/farca/rest-endpoints.html

SOAP Web Services for Oracle Financials Cloud

URL: – https://docs.oracle.com/en/cloud/saas/financials/18b/oeswf/serviceReferenceOverview.html

REST API’s for Oracle Financials Cloud

URL: – https://docs.oracle.com/en/cloud/saas/financials/19c/farfa/rest-endpoints.html

SOAP Web Services for Oracle HCM Cloud

URL: – https://docs.oracle.com/en/cloud/saas/global-human-resources/19c/oeswh/business-object-services.html#business-object-services

REST API’s for Oracle HCM Cloud

URL: – https://docs.oracle.com/en/cloud/saas/global-human-resources/19c/farws/rest-endpoints.html

SOAP Web Services for Oracle SCM Cloud

URL: – https://docs.oracle.com/en/cloud/saas/supply-chain-management/19c/oessc/business-object-services.html#business-object-services

REST API’s for Oracle SCM Cloud

URL: – https://docs.oracle.com/en/cloud/saas/supply-chain-management/19c/fasrp/rest-endpoints.html

SOAP Web Services for Oracle Sales Cloud

URL: – https://docs.oracle.com/en/cloud/saas/sales/18b/oesws/serviceReferenceOverview.html

REST API’s for Oracle Sales Cloud

URL: – https://docs.oracle.com/en/cloud/saas/engagement/19c/faaps/rest-endpoints.html

REST API’s for Oracle Procurement Cloud

URL: – https://docs.oracle.com/en/cloud/saas/procurement/19c/fapra/rest-endpoints.html

SOAP Web Services for Oracle Procurement Cloud

URL: https://docs.oracle.com/en/cloud/saas/procurement/18b/oeswp/serviceReferenceOverview.html 

Note:  The above services will be updated based on new releases. 


In Oracle ERP Cloud, we can only use the standard Web services provided by Oracle and there is no functionality of creating new web services or customizing the existing webservices.

The only feasible custom option is building BI Publisher or OTBI Report to retrieve the data and invoke them from external world using standard webservices. 

Web Service Security Policies in Fusion Applications

Oracle Web Services Manager (OWSM) policies enforce and enable web service security in Oracle Fusion Applications. 

SOAP web service policies

Oracle Fusion Applications SOAP web services are secured by a global server-side policy called oracle/wss11_saml_or_username_token_with_message_protection_service_policy. A global policy is one that is deployed by default in Oracle Web Services Manager (OWSM), but can be overridden.

Fusion Applications SOAP WSDLs contain an X509 certificate in binary form, that needs to be imported into the client machine certificate key store. This is so that the client application can encrypt web service requests to Fusion Applications and that the Fusion applications environment can un-encrypt the request successfully.

In addition, a certificate needs to be generated on the client machine and then imported into the Fusion Applications environment certificate keystore. Oracle Support can help with importing the certificate into a Fusion Applications environment.

The two certificates enable 2-way-ssl which is a requirement of the SAML implementation in Fusion Applications and is part of the WS-Security 1.1 specification.

REST web services policies

Oracle Fusion Applications REST services are secured by a single global server-side policy called oracle/multi_token_over_ssl_rest_service_policy. The policy supports a list of three different authentication mechanisms.

  • Basic Authentication
  • SAML 2.0 https header token
  • JWT https header token

Basic Authentication is where a combination of the username and password are base64 encoded and passed in the header to authenticate to use the REST Service. 

SAML 2.0 principles apply for REST Services as well.

The JSON Web Token otherwise known as a JWT token is a secure token that is encrypted and signed to make it difficult to hack. JSON Web Tokens adhere to an open standard. The JWT token can be used to store session data amongst other things. Oracle Fusion Applications stores session information within a JWT token and therefore it can be used to maintain a session. 

The JWT token is retrieved during the authentication process and is then placed in the header of every REST service request. JWT tokens expire after a few hours and a new one is necessary to continue the session.

Oracle OIC all REST Endpoints

The below link has the information of all REST endpoints for tasks like Decision Modeling Service, Integration Insight, Integrations and Process.URL: – https://docs.oracle.com/en/cloud/paas/integration-cloud/rest-api/api-decision-modeling-service.html

Leave a Reply

Your email address will not be published. Required fields are marked *