Key Principles for Safe and Efficient Integration of APEX and Oracle EBS

In the previous articles, “How Oracle APEX Extends the Functionality of Oracle EBS?” and “Key Benefits of Extending Oracle EBS with Oracle APEX,” we focused on why and how Oracle APEX can bring new possibilities to the Oracle E-Business Suite environment. Now, we are moving forward—into the practical aspect of integration.

Separation of Schemas and Controlled Access to EBS Data:

• Use a separate schema for APEX applications (e.g., XX_APEX), which is isolated from the EBS schemas. Defining an APEX workspace directly on the APPS schema is not supported because it poses a security risk and could lead to data corruption by bypassing EBS business rules.
• Access EBS data exclusively through views and synonyms defined in the APPS schema, granting only SELECT privileges to your own schema (e.g., XX_APEX). These views can include security logic and joins to prevent unauthorized changes to the underlying data.
• Make EBS data modifications exclusively through public, documented, and supported EBS APIs. Direct INSERT, UPDATE, and DELETE operations on EBS tables are not supported because they bypass validation, security mechanisms, and business logic, which can lead to data corruption. Code calling the API should be encapsulated in your own PL/SQL packages within the APPS schema.

 Seamless Integration with EBS User Interface and Security:

• Implement APEX authentication and authorization schemes that integrate with EBS security. APEX offers pre-configured schemes, including support for Oracle Access Manager (OAM), or you can use custom PL/SQL to validate against existing EBS users and their responsibilities. Insum Solutions provides a custom authentication solution that leverages a pre-authenticated EBS session and automatically initializes the EBS context (e.g., FND_GLOBAL.APPS_INITIALIZE).
• APEX authorization schemes should reflect EBS responsibilities to define consistent access plans. It is recommended to set the authorization scheme at the application level, referencing the EBS form function from which the APEX application was launched. When a user’s responsibility is added or removed in EBS, their access to the related functionality in APEX changes accordingly.
• Configure the EBS profile option FND: APEX URL to include the hostname of Oracle REST Data Services (ORDS). Additionally, define EBS functions that link to specific APEX pages with the ability to pass parameters such as RESPONSIBILITY_ID and RESP_APPL_ID from EBS to APEX.
• For deep linking and session timeout management, set Deep Linking to Enabled and Session Timeout URL to the EBS logout/refresh URL (/OA_HTML/OAParentReload.jsp).
• For embedding APEX pages in frames (embedded mode), set Embed in Frames to Allow from same origin and add the following header in the APEX application’s security attributes:
• Content-Security-Policy: frame-ancestors https://<EBS_hostname>:<port>;
• Use HTTPS for all communication between the browser, ORDS, and the database to prevent interception of login credentials.
• Be aware of new security features from EBS Release 12.2.6+ that may block redirects. Properly configure profile options (Security: Allowed Resources, FND: Security Resource Logging, Allow Unrestricted Redirects) and whitelisted resources.

Every implementation is different—and it is precisely in these differences that challenges and opportunities often lie.
If you are considering integrating APEX into your Oracle EBS environment, we would be happy to review your specific scenarios with you, recommend the best approach, and assist with the design and implementation of the solution.

Get in touch with us—we’d be glad to have a non-binding discussion about what APEX could bring to your organization.

Just fill out a short contact form or write to us at info@apexsolutions.cz.