Skip to main content

Creating RESTful API's with the APEX Listener

In REST you model the resources, not the actions. So you define a GET /apex/oow13/hr/employees instead of a GET /apex/oow13/GetAllEmployees. With REST you have six methods (with the most common associated database actions: GET (select), HEAD (select), OPTIONS (to get a list of methods supported by the resource), PUT (merge or update), DELETE (delete), POST (insert).
You can manage the REST resources from either within SQL Developer or APEX. Within SQL Developer the resources are grouped into Modules (like PL/SQL packages) with a URI prefix (like /hr) and within that Resource Templates.
As an example you can define a GET request ( select * from emp where empno = :id ), then the URI Template of the resource will be something like employees/{id}. When you call the URL (like http://localhost:8888/apex/oow13/hr/employees/12345), this will result in a JSON string (or XML or CSV) containing the employee data of employee 12345.
Within a query you can use "special" columns - starting with a $ - that will return a hyperlink within the JSON object.
The listener supports CORS (Cross Origin Resource Sharing) for all public services. So you're not restricted to using URI's within the same domain and can create mashups using data from different domains. Protected resources are not CORS enabled by default, however you can specify a whitelist of origins that are allowed to call that service.
In SQL Developer you can also assign "Privileges" for mehods - so you can secure your DELETE operations from your SELECT operation. The autorization is implemented as an "oauth2" call. See the APEX Listener documentation for more details on that.
Post a Comment

Popular posts from this blog

Dockerize your APEX development environment

Nowadays Docker is everywhere. It is one of the main components of Continuous Integration / Continuous Development environments. That alone indicates Docker has to be seen more as a Software Delivery Platform than as a replacement of a virtual machine.

However ...

If you are running an Oracle database using Docker on your local machine to develop some APEX application, you will probably not move that container is a whole to test and production environments. Because in that case you would not only deliver a new APEX application to the production environment - which is a good thing - but also overwrite the data in production with the data from your development environment. And that won't make your users very excited.
So in this set up you will be using Docker as a replacement of a Virtual Machine and not as a Delivery Platform.
And that's exactly the way Martin is using it as he described in this recent blog post. It is an ideal way to get up and running with an Oracle database …

Refresh selected row(s) in an Interactive Grid

In my previous post I blogged about pushing changed rows from the dabatase into an Interactive Grid. The use case I'll cover right here is probably more common - and therefore more useful!

Until we had the IG, we showed the data in a report (Interactive or Classic). Changes to the data where made by popping up a form page, making changes, saving and refreshing the report upon closing the dialog. Or by clicking an icon / button / link in your report that makes some changes to the data (like changing a status) and ... refresh the report.  That all works fine, but the downsides are: The whole dataset is returned from the server to the client - again and again. And if your pagination size is large, that does lead to more and more network traffic, more interpretation by the browser and more waiting time for the end user.The "current record" might be out of focus after the refresh, especially by larger pagination sizes, as the first rows will be shown. Or (even worse) while you…

Using multiple Authentication Schemes for your APEX application

Recently someone asked me how he could implement multiple authentication schemes for his APEX application. He would like to use (some kind of) Single Sign-on authentication and - as an alternative - an Application Express Authentication. The problem is ... you can only define one Authentication Scheme being "Current" for an application! So how can we solve this issue?

First, we need te be aware that multiple applications can share their authentication by using the same cookie. Thus if you specify "MYCOOKIE" as the Cookie Name in Application A as well as in Application B, you can switch from A to B and back without the need of logging in again. It doesn't matter what Authentication Scheme Type you are using!

Knowing this, we are halfway our solution. We need two Applications. One - the "real" application - using the Application Express Authentication, let's name this one "LAUNCHPAD". And another one using the Single Sign-on Authentication…