Breaking Bad Connections
As Lenin was wont to say - trust is good, control is better. So how does all of this relate to OIC connections? Well some customers don't want certain adapters to be used, e.g. the GMAIL adapter. Nothing against gmail, it's just a simple example to use. Also, what about connections based on the REST adapter, where are they pointing to?
If you need such, then read on; if not then you have my permission, to stop reading and do something more interesting! In this I create an integration that will invoke the OIC Factory api to get connection data. I will then check for use of "banned" adapters and then invoke a pl/sql function to check base urls.
Firstly, a BIG thanks to my esteemed colleague Matt B. for suggesting this requirement and for helping me develop it.
To begin with, I create the following tables in ATP
create table invalid_connections(checkDate TIMESTAMP
not null, project varchar2(50) not null,
connectionType varchar2(20) not null,
connectionId varchar2(50) not null,
message varchar2(100) not null);
create table invalid_adapters(id varchar2(20) not null,
name varchar2(20) not null);
Insert into invalid_adapters values ('GMAIL', 'gmail');
create table invalid_baseUrls (connectionURL varchar2(50)
not null);
insert into INVALID_BASEURLS
values ('api.openweathermap.org');
commit;
Here is a sample project I will interrogate, note its connections -
Now to the OIC factory api, which I will use to check out my connections and make sure they adhere to the rules.
I run this in postman -
Here are snippets from the response -
{
"adapterType": {
"displayName": "Google Gmail",
"links": [],
"name": "gmail",
"type": "PREINSTALLED"
},
"agentRequired": false,
"agentSupported": false,
"connectionProperties": [],
"created": "2025-10-23T06:05:55.633+0000",
"createdBy": "niall.commiskey@oracle.com",
"description": "",
"hasOverride": false,
"id": "GMAIL",
another one -
{
"displayName": "Connection URL",
"hasAttachment": false,
"hiddenFlag": false,
"propertyGroup": "CONNECTION_PROPS",
"propertyName": "connectionUrl",
"propertyShortDesc": "Please make sure that this value really corresponds to the type selected above.",
"propertyType": "URL",
"propertyValue": "https://api.openweathermap.org/data/2.5/",
"requiredFlag": true
},
{
As you can see, I've all the data here.
I create a connection in the project for the factory api -
and then use this in an integration -
I take the response payload from postman, massage it a bit, to reduce size and then use it as the response.
As you can see, I then invoke ATP to check if the adapter is forbidden.
I am using the following field as input -
I run the integration and check the activity stream -
Now to the second check - this time I'm looking for "forbidden" urls, such as our weather example.
Now to checking the urls. Remember, in our little world, it is forbidden to invoke the following -
I create a PL/SQL function to check this for me, here's the code -
create or replace PACKAGE NIALLC.CONN_PKG AS
FUNCTION f_check4InvalidURLS (in_project varchar2,
in_url varchar2,
in_connectionType varchar2,
in_connectionId varchar2) RETURN varchar2;
END CONN_PKG;
create or replace PACKAGE BODY NIALLC.CONN_PKG AS
Function f_check4InvalidURLS (in_project varchar2,
in_url varchar2,
in_connectionType varchar2,
in_connectionId varchar2)
RETURN varchar2
IS
v_response varchar2(50) := 'VALID URL';
v_position NUMBER;
cursor c1 is
SELECT connectionURL FROM invalid_baseurls;
BEGIN
FOR invalidBaseurls_rec in c1
LOOP
v_position := INSTR(in_url,
invalidBaseurls_rec.connectionURL);
IF v_position > 0 THEN
v_response := 'INVALID URL';
insert into INVALID_CONNECTIONS values (
sysdate,
in_project,
in_connectionType,
in_connectionId,
'URL ' || in_url || ' is not allowed');
COMMIT;
END IF;
END LOOP;
RETURN v_response;
END f_check4InvalidURLS;
END;
Simple enough!
I run the integration -
then check the DB table -
The integration might seem somewhat complex, but, be assured, its not -
Next step should be to check if these invalid connections are actually used in integrations.
We can use the following api request -
https://design.integration.us-phoenix-1.ocp.oraclecloud.com/ic/api/integration/v1/projects/yourProject/connections/yourConnectionID/usage?integrationInstance=yourOICInstance
Connection ID is the name you give the connection -
I called the connection "Weather", the id defaults to the upper case version of this - "WEATHER"
The adapter type, in this case REST, surfaces in the adapterType section -
"adapterType": {
"displayName": "Google Gmail",
"links": [],
"name": "gmail",
"type": "PREINSTALLED
This has been covered earlier, but just a quick recap.
Anyway, I execute the aforementioned api request in Postman -
{
"connectionUsage": [],
"integrationUsage": [
{
"code": "WEATHERDEMO",
"isLocked": false,
"links": [
{
"href": "https://...",
"rel": "self"
}
],
"name": "weatherDemo (1.0)",
"projectId": "AA_PROJECT2",
"status": "ACTIVATED",
"version": "01.00.0000"
}
],
"links": [
{
"href": "https://...",
"rel": "self"
}
],
"name": "Weather"
}
Here I see the integration ID, name, version, status etc.
Now we could consider augmenting our flow by deactivating the integration.
Summa Summarum
Let's recap on what's been covered here -
1. create DB tables to list forbidden adapters and base urls
2. create DB table to protocol infringements
3. create a PLSQL package to validate base urls against the forbidden base urls table, protocolling any infringements.
4. create an integration that uses the OIC Factory api to retrieve connections in a project.
4.1. use the ATP adapter to check for usages of forbidden adapters.
4.2. use the ATP adapter to invoke the PLSQL package, in order to validate base urls used in connections
4.3. check which integrations are using the "offending" connections. Protocol those integrations and, if they are ACTIVATED, do the necessary.
