Tuesday, April 9, 2024

Enhance Oracle Integration API Security Using Oracle API Gateway

In today's interconnected digital landscape, businesses are increasingly relying on seamless integrations to streamline operations and enhance productivity. Oracle Integration APIs serve as crucial conduits for exchanging data and functionalities between diverse applications, systems, and services. However, ensuring the security of these integrations is paramount to safeguard sensitive information, maintain regulatory compliance, and mitigate potential threats.

Oracle API Gateway emerges as a robust solution for fortifying Oracle Integrations by providing comprehensive security features and capabilities. In this blog post, we'll delve into the significance of securing Oracle Integrations and explore how Oracle API Gateway empowers organizations to achieve heightened levels of protection.

  • Let's start with a simple integration

The integration receives "name" as a parameter and returns "Hello, name".



From Postman let us call the integration

We will use Basic Auth to call the integration




Any user who has access to the OIC instance can invoke the integration, so every integration you build is reachable by everyone who can use OIC. That is where API Gateway comes in, to secure it.

To set up the API Gateway, you need to start by creating a Virtual Cloud Network (VCN), which is where the API Gateway operates. Using this network adds an extra layer of security because you can decide which IP addresses are allowed to access the network and block any unwanted ones.

  • Provision Virtual Cloud Network (VCN)

From OCI console --> Networking --> Virtual cloud networks




Start the VCN Wizard and create a VCN with internet connectivity. After creation, you will find that the VCN comes with subnets, gateways, security lists and route tables.




Open the default Security List and add the Ingress Rule as shown


This means the VCN will accept requests from any source (0.0.0.0/0) on port 443, which is the port used by OIC integrations.

Open Network Security Group and create one like this:







  • Provision API Gateway


Create a new instance and set the following:
Type: Public
Compartment: select the compartment where the VCN was created
Network: select the VCN, then select the public subnet, then tick Enable Network security groups and select the network security group




From Gateway, select Deployment and create a deployment


From API request policies you can add policies to the API. For example, you can limit the number of requests per second, either as a total across all requests or per client IP.




You can add usage plans, which force the client to send an API token in the header of the request.

From Usage plans press "Add" and in the Token location enter "request.headers[X-Client-Token]".
This means each request must carry X-Client-Token in its headers.





In Authentication you have multiple options. Let us go with No Authentication, which means only users who have access to the VCN network will have access to this deployment.





In Route 1, enter the path of the route and the method, select HTTP, then enter the OIC integration URL.






You can add up to 50 routes per deployment (this number may change in the future).
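
As an added example (not from the original post), the deployment built in the console above can be written as an API Gateway deployment specification and checked before it is applied. The route path, rate value, backend URL and the `audit_deployment` helper are assumptions made for illustration.

```python
import json

# Constructed sample mirroring the console settings above; the path, rate
# and backend URL are placeholders, not values from the original post.
SPEC = json.loads("""
{
  "requestPolicies": {
    "rateLimiting": {"rateInRequestsPerSecond": 10, "rateKey": "CLIENT_IP"},
    "usagePlans": {"tokenLocations": ["request.headers[X-Client-Token]"]}
  },
  "routes": [
    {"path": "/hello", "methods": ["GET"],
     "backend": {"type": "HTTP_BACKEND",
                 "url": "https://oic.example.invalid/placeholder-integration-path"}}
  ]
}
""")


def audit_deployment(spec):
    """Return (code, detail) findings for a deployment specification dict."""
    findings = []
    policies = spec.get("requestPolicies") or {}

    # A spec without an authentication policy matches "No Authentication".
    if not policies.get("authentication"):
        findings.append(("AUTH_NONE", "gateway does not authenticate callers"))

    # Without a token location, no usage plan or subscriber can be enforced.
    plans = policies.get("usagePlans") or {}
    if not plans.get("tokenLocations"):
        findings.append(("NO_USAGE_PLAN_TOKEN", "no client token is required"))

    rate = policies.get("rateLimiting")
    if not rate:
        findings.append(("NO_RATE_LIMIT", "requests are not throttled"))
    elif rate.get("rateKey") == "TOTAL":
        # One shared budget: a single noisy client can exhaust it for all.
        findings.append(("RATE_LIMIT_SHARED", "limit is shared by all clients"))

    for route in spec.get("routes", []):
        backend = route.get("backend") or {}
        url = backend.get("url", "")
        if backend.get("type") == "HTTP_BACKEND" and not url.startswith("https://"):
            findings.append(("CLEARTEXT_BACKEND", route.get("path", "?")))
    return findings


if __name__ == "__main__":
    for code, detail in audit_deployment(SPEC):
        print(code, detail)
```

For the sample specification the only finding is AUTH_NONE, which reflects the No Authentication choice made above: the usage-plan token and the credentials checked by OIC are what identify the caller.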

You can find the deployment URL from







Create Usage plans and Subscribers
Once you have created the deployments, you can create a usage plan for each deployment (or one for multiple deployments), then define a subscriber for the usage plan.


From API Gateway select Usage plans and press Create usage plan







Enter a Name, select the Compartment, then select Entitlements.

Create an entitlement and associate the deployment(s) with this usage plan.




Go back to API Gateway, select Subscribers and create a new subscriber.



In Client, enter the Name "A" and enter the Client token, which is the token that should be sent in the request header. Then add the usage plans.







Let's try to call the integration through API Gateway

From the API Gateway deployment, copy the URL, then add the route path.

Use basic authentication and try to invoke the integration.




You will find the response is Forbidden, because we need to add the token in the request header "X-Client-Token".



Once we add the token to the header, we are able to invoke the API.



  • Force invoking the integration through API Gateway
Now the integration can be invoked through API Gateway, but users are still able to invoke the integration directly without API Gateway. To force the OIC integrations to be invoked only through API Gateway:

From OCI --> Developer Services --> Integration --> Integration Instance --> Network Access


Enable Restrict Network Access, then either select Virtual Cloud Network and choose the API Gateway VCN, or select IP and enter the API Gateway IP (you can find it in the API Gateway instance). Then restart the OIC instance.







Conclusion

Securing Oracle Integrations is essential to safeguard sensitive data, ensure regulatory compliance, and protect against evolving cybersecurity threats. Oracle API Gateway offers a comprehensive suite of security features and capabilities to fortify Oracle Integrations effectively. By adopting best practices and leveraging Oracle API Gateway's robust security controls, organizations can enhance the resilience and integrity of their integrations in an increasingly interconnected digital ecosystem.



















Wednesday, February 7, 2024

Seamless Transition from Oracle SOA and OSB to Oracle Integration Cloud (OIC)

In the fast-paced world of modern business, agility is key, and technology plays a pivotal role in achieving it. For enterprises relying on Oracle SOA (Service-Oriented Architecture) and OSB (Oracle Service Bus), the shift towards cloud-native solutions has become more than a trend – it's a necessity. Oracle Integration Cloud (OIC) emerges as a powerful alternative, promising enhanced efficiency, scalability, and a host of other benefits that can significantly transform your business operations.

Oracle SOA and OSB have been reliable workhorses for enterprises, offering a robust framework for integrating applications and services. However, with the evolving digital landscape, businesses face new challenges that traditional on-premises solutions struggle to address. The limitations of Oracle SOA and OSB, such as complexity, slower deployment cycles, and high maintenance costs, have prompted organizations to explore more agile and innovative solutions.

In this post, I will talk about the advantages of Oracle Integration Cloud (OIC) and illuminate its transformative benefits.

Unveiling Oracle Integration Cloud (OIC)

Oracle Integration Cloud (OIC) stands as a beacon for organizations seeking a seamless transition to the cloud. This comprehensive and unified integration platform brings together various tools and services, empowering businesses to connect their applications, automate processes, and leverage emerging technologies such as AI and machine learning. Let's delve into the key benefits of migrating from Oracle SOA to OIC:

1. Accelerated Deployment: OIC offers a low-code, visual development approach that significantly speeds up the integration process. With pre-built adapters and templates, developers can rapidly create connections between diverse applications, reducing the time it takes to deploy and launch new services.

2. Cost Efficiency: Moving to the cloud with OIC eliminates the need for extensive on-premises infrastructure, resulting in reduced hardware and maintenance costs. The pay-as-you-go pricing model allows organizations to scale resources as needed, optimizing expenditure and maximizing ROI.

3. Seamless Scalability: OIC's cloud-native architecture ensures seamless scalability, adapting to the growing demands of your business. Whether you're dealing with increased data volume or expanding your service offerings, OIC effortlessly scales to meet your requirements.

4. Simplified Maintenance: Say goodbye to the complex maintenance routines associated with on-premises solutions. OIC's cloud-based model shifts the responsibility of infrastructure management to Oracle, allowing your IT teams to focus on more strategic initiatives rather than routine maintenance tasks.

5. Enhanced Connectivity: OIC provides a unified platform for connecting applications both on-premises and in the cloud. With support for various protocols and standards, including REST and SOAP, organizations can achieve seamless integration across their diverse IT landscape.

6. Exceptional Exception Handling: Oracle Integration Cloud (OIC) streamlines exception handling with its robust capabilities. Through intuitive dashboards and proactive monitoring, OIC empowers businesses to swiftly identify and address integration errors, minimizing downtime and ensuring seamless operations.

7. Complimentary File and Email Services: OIC simplifies file management with its built-in File Server and internal storage, offering a convenient solution for handling files across various integration processes. Additionally, OIC provides a complimentary email server for notifications, enabling organizations to effortlessly communicate crucial updates and alerts to stakeholders, further enhancing operational efficiency.

What is the next step?

  • Provisioning Your Oracle Integration Cloud (OIC) Instance
  • Initiating Simple Integrations


Now that you're equipped with insights into the remarkable advantages of Oracle Integration Cloud (OIC), it's time to take action. Follow these steps to kickstart your journey towards seamless integration and enhanced operational efficiency:


1. Provision Your OIC Instance:

Check out my latest blog post where I explain how to provision an Oracle Integration Cloud (OIC) instance in detail: Oracle Integration (OIC3) Provisioning Guide. Simplify your setup process and unleash the power of OIC!


2. Initiate Simple Integrations:

Start by identifying a straightforward integration scenario within your organization, such as connecting two commonly used applications or automating a manual process.

Access the OIC Integration Designer, where you can visually design integration flows using a simple drag-and-drop interface.

Utilize pre-built adapters and connectors to seamlessly connect your applications, databases, and services.

Configure data mappings, transformations, and business logic to ensure smooth data flow between systems.

Test your integration thoroughly within the OIC environment to validate functionality and identify any potential issues.

Once satisfied with your integration design, deploy it within your OIC instance to make it operational.

3. Iterate and Expand:

As you gain familiarity with OIC and witness the benefits of seamless integration, continue to iterate and refine your integration processes.

Explore advanced features and capabilities offered by OIC, such as process automation, application development, and API management, to further optimize your operations.

Engage with the vibrant Oracle community, attend training sessions, and leverage resources such as documentation and tutorials to deepen your understanding and expertise in OIC.

Consider expanding your integration initiatives to tackle more complex scenarios and unlock additional value for your organization.


By following these steps, you'll be well on your way to harnessing the full potential of Oracle Integration Cloud (OIC) and driving digital transformation within your organization. Embrace the power of cloud-native integration and propel your business toward unparalleled agility, efficiency, and innovation.


Conclusion: The migration from Oracle SOA to Oracle Integration Cloud marks a transformative leap for businesses, unlocking a new era of agility, efficiency, and innovation. Embracing OIC not only addresses the limitations of legacy solutions but also positions organizations to thrive in the ever-evolving digital ecosystem. As the business landscape continues to evolve, the choice to migrate to Oracle Integration Cloud becomes not just a strategic move but a fundamental necessity for staying competitive and future-ready.

Oracle Integration (OIC3) Provisioning and User Access

In this blog post, I will delve into the intricacies of Oracle Integration (OIC) provisioning and user access, shedding light on best practices and essential considerations to ensure a smooth and secure implementation.

 

Provision OIC Instance

1- Log in to OCI with an admin role and from the main menu select “Developer Services” --> Integration

 


 

 

2-      Choose the Compartment and Region

 



 

3- Press “Create Instance”, enter the name of the instance and select the relevant options:

  • Select Oracle Integration 3, as it is the latest version

  • Select Standard or Enterprise (you can start with Standard and switch to Enterprise later at any time. If you want to use Process Automation, you should choose Enterprise).

This is a quick comparison of the capabilities of Standard and Enterprise:



 

  • Shape: Development or Production (both are the same, but Development gets any updates two weeks before Production, so that you can test changes in Development before they are applied to Production)

  • License: either a new license, or you can bring your on-premises license to the cloud

  • Message packs: minimum value 1 and maximum 12. Each message pack gives you 5000 messages in an hour. (You can start with 1 message pack.)

  • Press “Create”

 



4- It will take a few minutes for your instance to be provisioned and reach active status

 



 

5-      Click on the instance and you can open the instance details



 

6- The instance comes with File Server (with 500 GB free with the instance), Visual Builder and Process Automation (for the Enterprise license). By default these features are disabled, but you can enable them if you want.

7- You can open the Integration console and start working with integrations by pressing the “Service Console” button or by copying the Service console URL.

8- You can Start, Stop or Delete the instance from the More actions menu



 

 

9- You can move the instance to another compartment by pressing Move



 

10- You can change the License Edition or the number of message packs by pressing the Edit button




User Access

 

In Oracle Cloud, access is managed with policies. Policies control access for users in a domain group. However, in OIC you can give access to a user using Application Roles only, without a policy, as shown below. So defining a policy for OIC access is not mandatory.


1- From OCI go to Identity --> Policies



 

2- Press “Create Policy” and enter the following to manage the OIC instance

Policy syntax to allow a group to manage integration instances in a compartment:

Allow group <group-name> to manage integration-instance in compartment <compartment-name>

“manage” gives the group the ability to create, delete, edit and move OIC instances.

You can use “read” as shown below, to give users read-only access to see the OIC instances in a compartment and the details of each instance.







 

You can optionally create another policy for OIC observability, as shown



 

 

Optionally, you can create a policy at the integration service level (not the group level) for announcements related to the OIC instance (new updates, new releases, maintenance…). The notification announcements will contain announcements from OIC.

 



The announcement can be available in OCI notifications

 



 


 


 

 

 

Or the announcement can be seen from the Oracle Integration Console


 



 

3- Application Roles. Once the OIC instance is provisioned, in order to give developers or other users access to that particular instance's console, you need to define and assign application roles.

Select Identity & Security --> Domains --> your domain --> Oracle Cloud Services

 






 

4-      Select OIC instance



 

5-      From Resource select Application Roles



 

 

6- Expand the required role and assign a user or group. It is best to assign a group, as shown