1 Reply Latest reply on Aug 27, 2020 12:28 PM by EJ-Egyed

    publishing rest api on different server - ORDS

    3230404

      Dear All

       

      Im new to ORDS and Rest API in general, so plz be patient with me.

       

      i simply want to build a rest api and publish it to my clients. i have oracle 12.2.0.1 database installed on oracle linux server and i installed APEX and ORDS on it.

       

      i dont want my clients to reach this server, so i installed tomcat apache on another server that is reachable to my clients.

       

      now, the documentation specify that i need to deploy the ords.war on my apache server but i could understand how this server will see my database.

       

      as i described above, i simply want my client to reach the specific rest API URL that is deployed on my apache tomcat application server. also i want to give each API a different port if possible. does this mean that i need to create different domains on my apache server?

       

      can u plz describe the architecture to me and tell how to separate the database from apache server?

       

      BR

        • 1. Re: publishing rest api on different server - ORDS
          PhHein

          MOD: moved from APEX

          • 2. Re: publishing rest api on different server - ORDS
            EJ-Egyed

            When a REST API is defined with ORDS in the database, it will be accessible from any application server you are connecting with using the ords.war file on that server.  There is no way to define the REST API to be tied to a specific port.  There are a few options that I can think of to solve your problem.

             

            1. You would have to do some configuration on the application servers to either block or allow the URL pattern that should be accessible from each application server.  This would make sure that only valid network traffic is passing through that URL.
            2. Add authentication to your REST API and only give the credentials to the users who should be using the API.  This would allow the API to be accessible from any application server, but only properly authenticated users would be able to use the API.
              1. If you use Basic Authentication, you can set up the credentials file in your ORDS configuration directory on the only on the application server that should be used to access the API.
              2. If you use OAuth Authentication, just give the credentials to the users who should be accessing the API, but they will be able to use any application server to access the API.