You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

How to configure HCM so that it only accepts HCM REST API requests from OCI API Gateway?

Received Response


Content (required):

(Given HCM LBAC is already configured to restrict access to HCM to enterprise VPN users)

is it possible to restrict access to the HCM REST API to only requests coming from an OCI API Gateway?

The motivation is to enhance the security profile of the HCM REST API by adding Mutual Auth provided by the OCI API Gateway.

consumer - (mutual auth, internet) -> OCI API Gateway -( Oracle network) -> HCM REST API

How to ensure only requests coming from OCI API Gateway are allowed to be processed by the HCM REST API without impacting the HCM LBAC in place to manage the origin of the online users? That is: how to prevent direct access to the HCM REST API limiting access just to traffic from the OCI API Gateway

Howdy, Stranger!

Log In

To view full details, sign in.


Don't have an account? Click here to get started!