Web Services in Oracle Fusion cloud
What is an API?
The term “API” stands for Application Programming Interface. If you break that down word by word, you can get a pretty good grasp of what it means. An API is an interface that can be used to program software that interacts with an existing application. In practice, an API is “a set of functions and procedures” that allow you to access and build upon the data and functionality of an existing application.
What is Web Service?
Simply put, a web service is a resource that’s made available over the internet. Therefore, web services, by definition, require a network. The term “web service” is defined by W3C (the World Wide Web Consortium) and so it technically follows a whole host of standards.
A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.
API vs Web Service
API and Web service serve as a means of communication. The only difference is that a Web service facilitates interaction between two machines over a network. An API acts as an interface between two different applications so that they can communicate with each other.
SOAP Service
Simple Object Access Protocol (SOAP) is an XML based protocol for accessing web services over an HTTP. Oracle provided SOAP services are mainly used to access, create and update data in Oracle ERP Cloud.
REST Service
Representational state transfer (REST) is an architectural style, or design pattern, for APIs. Oracle Cloud REST API’s are typical REST API’s that use HTTP requests and responses to view and manage data stored in Oracle ERP cloud.
Oracle provides two types of web services i.e. SOAP and REST services which are used to integrate applications within enterprise or expose business functions to customers.
SOAP vs REST
| Difference | SOAP | REST |
| Style | Protocol | Architectural Style |
| Data Format | Only XML | HTML, XML, JSON and Plain Text |
| Security | WS-Security and SSL | SSL and HTTPS |
| Data Cache | Can’t Cache | Can Cache |
| Bandwidth | Requires more resources and bandwidth | Requires less resources and is light weight |
| Operations | No fixed methods and could contain any operation depending on designer’s implementation | CRUD Operations methods like – POST, GET, PUT and DELETE |
Oracle Fusion Applications Web Services
Oracle Fusion Applications provides web services as one of many mechanisms to integrate with and extend Oracle Fusion Applications in Oracle Applications Cloud Services. The web services are typically based on a business objects and allow the caller to perform operations on the business objects. As an example, the Opportunity Service can be used to perform a find operation to identify opportunities meeting a search criteria or to perform an update to a field, like a quantity on a particular revenue item, on an opportunity.
REST API’s for Common Features in Oracle Applications Cloud
URL: – https://docs.oracle.com/en/cloud/saas/applications-common/19c/farca/rest-endpoints.html
SOAP Web Services for Oracle Financials Cloud
URL: – https://docs.oracle.com/en/cloud/saas/financials/18b/oeswf/serviceReferenceOverview.html
REST API’s for Oracle Financials Cloud
URL: – https://docs.oracle.com/en/cloud/saas/financials/19c/farfa/rest-endpoints.html
SOAP Web Services for Oracle HCM Cloud
REST API’s for Oracle HCM Cloud
URL: – https://docs.oracle.com/en/cloud/saas/global-human-resources/19c/farws/rest-endpoints.html
SOAP Web Services for Oracle SCM Cloud
REST API’s for Oracle SCM Cloud
URL: – https://docs.oracle.com/en/cloud/saas/supply-chain-management/19c/fasrp/rest-endpoints.html
SOAP Web Services for Oracle Sales Cloud
URL: – https://docs.oracle.com/en/cloud/saas/sales/18b/oesws/serviceReferenceOverview.html
REST API’s for Oracle Sales Cloud
URL: – https://docs.oracle.com/en/cloud/saas/engagement/19c/faaps/rest-endpoints.html
REST API’s for Oracle Procurement Cloud
URL: – https://docs.oracle.com/en/cloud/saas/procurement/19c/fapra/rest-endpoints.html
SOAP Web Services for Oracle Procurement Cloud
URL: https://docs.oracle.com/en/cloud/saas/procurement/18b/oeswp/serviceReferenceOverview.html
Note: The above services will be updated based on new releases.
Limitations
In Oracle ERP Cloud, we can only use the standard Web services provided by Oracle and there is no functionality of creating new web services or customizing the existing webservices.
The only feasible custom option is building BI Publisher or OTBI Report to retrieve the data and invoke them from external world using standard webservices.
Web Service Security Policies in Fusion Applications
Oracle Web Services Manager (OWSM) policies enforce and enable web service security in Oracle Fusion Applications.
SOAP web service policies
Oracle Fusion Applications SOAP web services are secured by a global server-side policy called oracle/wss11_saml_or_username_token_with_message_protection_service_policy. A global policy is one that is deployed by default in Oracle Web Services Manager (OWSM), but can be overridden.
Fusion Applications SOAP WSDLs contain an X509 certificate in binary form, that needs to be imported into the client machine certificate key store. This is so that the client application can encrypt web service requests to Fusion Applications and that the Fusion applications environment can un-encrypt the request successfully.
In addition, a certificate needs to be generated on the client machine and then imported into the Fusion Applications environment certificate keystore. Oracle Support can help with importing the certificate into a Fusion Applications environment.
The two certificates enable 2-way-ssl which is a requirement of the SAML implementation in Fusion Applications and is part of the WS-Security 1.1 specification.
REST web services policies
Oracle Fusion Applications REST services are secured by a single global server-side policy called oracle/multi_token_over_ssl_rest_service_policy. The policy supports a list of three different authentication mechanisms.
- Basic Authentication
- SAML 2.0 https header token
- JWT https header token
Basic Authentication is where a combination of the username and password are base64 encoded and passed in the header to authenticate to use the REST Service.
SAML 2.0 principles apply for REST Services as well.
The JSON Web Token otherwise known as a JWT token is a secure token that is encrypted and signed to make it difficult to hack. JSON Web Tokens adhere to an open standard. The JWT token can be used to store session data amongst other things. Oracle Fusion Applications stores session information within a JWT token and therefore it can be used to maintain a session.
The JWT token is retrieved during the authentication process and is then placed in the header of every REST service request. JWT tokens expire after a few hours and a new one is necessary to continue the session.
Oracle OIC all REST Endpoints
The below link has the information of all REST endpoints for tasks like Decision Modeling Service, Integration Insight, Integrations and Process.URL: – https://docs.oracle.com/en/cloud/paas/integration-cloud/rest-api/api-decision-modeling-service.html
