My Oracle Support Banner

E-IB: F.A.Q. on Securing PeopleSoft REST Based Web Services (Doc ID 2004641.1)

Last updated on MAY 17, 2021

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.52 and later
Information in this document applies to any platform.

*** Last revision: 01-Feb-2017 ***


Purpose

PeopleSoft functionality can be, and often is, exposed via so called REspresentational State Transfer (REST) services, also known as REST-based or RESTful services.

A typical call to such service is via an URL like http://host:port/PSIGW/RESTListeningConnector/ServiceOperationName.V1/?param1=value1&param2=value2&...etc...

Some questions arise about how secure are such calls, and how to increase protection of their parameters and other data from evesdropping and unauthorized calls.

 

Questions and Answers

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Purpose
Questions and Answers
 Q1: What are the supported ways to secure REST based services in PeopleSoft Integration Broker?
 Q2: Is it possible to avoid exposing in REST service calls the parameter names and values to unauthorized parties if only plain HTTP (not HTTPS) is used?
 Q3: Excluding HTTPS transport, what other ways to protect PeopleSoft REST web service call parameters can be used in Integration Broker?
 Q4: Does PeopleSoft Integration Broker support OAuth authorization in REST based services?
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.