Skip to Main Content
  • Questions

  • Making API calls from Oracle database

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Sai.

Asked: June 21, 2018 - 2:48 am UTC

Last updated: June 25, 2018 - 9:28 am UTC

Version: 12c

Viewed 1000+ times

You Asked

In our office,

Environment 1: we have an oracle database with Oracle APEX installed.
Environment 2: We have a PCI complaint application with some NON-PCI APIs exposed via Kong

We want to call the Non-PCI APIs from oracle database and were told - it’s not good practice to have a database server making calls out to other environments. Applications should make calls out to other environments, then store in the database. From an N-tier perspective and a security 101 perspective, you never have the source of truth reach out and bring payload home to itself…the layers above do the calls.

We want to make API calls from oracle database directly. Is it really not a good practice to make calls from oracle database? Is there a work around?

Please help.

and Connor said...

Calling externally to anything from anywhere requires due diligence in terms of ensuring you have the correct security measures in place.

Having said that, once you've done that, there should not be an issue calling external services from the database. Apex customers have been doing that successfully for years.

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Security measures

Sai Siva Ram, June 24, 2018 - 12:06 pm UTC

Can you please guide me towards the correct security measures that we should take to ensure we are covering as many aspects as possible when we are calling APIs from the database directly.
Connor McDonald
June 25, 2018 - 9:28 am UTC

https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/index.html
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

APEX

Keep your APEX skills fresh by attending their regular Office Hours sessions.