Skip to Main Content
Feature Request FR-4596
Product Area APIs
Status OPEN

3 Voters

Request for Change: Enhance Credential Handling in APEX_WEB_SERVICE.MAKE_REST_REQUEST

fcasett Public · Aug 9 2025

Subject: Enhancement Request for APEX_WEB_SERVICE.MAKE_REST_REQUEST to support multiple credentials or multiple credential properties.

Current Behavior

The APEX_WEB_SERVICE.MAKE_REST_REQUEST API, when used with the p_credential_static_id parameter, can currently only reference a single APEX Web Credential. This credential is limited to a single name-value pair (e.g., a single API key, a single username/password pair, etc.).

This limitation becomes a significant challenge when integrating with modern REST APIs that require multiple, distinct values in the HTTP header for authentication or authorization. For example, some cloud services require a x-api-key and an x-user-token simultaneously, which cannot be managed with a single Web Credential. Developers are currently forced to manage these separate values manually.

Proposed Solutions

I propose two alternative solutions to address this limitation, either of which would greatly improve the API's flexibility and developer experience:

Solution 1: Support for Multiple Credential IDs

Enhance the p_credential_static_id parameter to accept an array or a colon-separated string of credential static IDs. When multiple IDs are provided, the API would retrieve the corresponding Web Credentials and merge them into the request's headers.

  • API Change: Update the p_credential_static_id parameter to accept a VARCHAR2 containing a list of static IDs (e.g., 'API_KEY_CRED:USER_TOKEN_CRED'). The API would then loop through these credentials and apply the headers.
  • Example Usage: l_response := apex_web_service.make_rest_request(..., p_credential_static_id => 'CLOUDFLARE_API_KEY:CLOUDFLARE_USER_TOKEN');
  • Benefits: This approach maintains the existing Web Credentials structure while allowing for powerful, declarative combinations. It would also be backward-compatible.

Solution 2: Support for Multiple Key/Secret Pairs in a Single Credential

Enhance the APEX Web Credentials configuration UI to allow a single credential to store multiple name-value pairs, similar to how key-value storage works in other tools. This would allow a developer to create a single Cloudflare Web Credential that contains both an x-api-key and an x-user-token.

  • UI/Metadata Change: Modify the Web Credentials configuration to support an array of (Credential Name, Credential Secret) pairs.
  • API Behavior: When p_credential_static_id points to this enhanced credential, APEX_WEB_SERVICE would automatically add all defined key/secret pairs to the request headers.
  • Benefits: This is a cleaner, more logical solution for APIs that require multiple pieces of authentication data to be managed as a single unit. It would reduce the number of individual credentials a developer needs to create.

Business Value

  • Improved Security: Encourages developers to store all sensitive API keys and secrets securely as Web Credentials, rather than hardcoding them or managing them with less secure methods.
  • Enhanced Developer Productivity: Simplifies API integration by removing the need for manual header management, especially for complex APIs.
  • Wider API Compatibility: Makes APEX more compatible with a broader range of third-party REST services that rely on multi-part header authentication.
  • Better Maintainability: Centralizes all authentication logic within the Web Credentials, making it easier to update secrets or change authentication methods across an entire application.

This change would be a significant quality-of-life improvement for developers working with modern, multi-credential APIs.

This idea is open.