RESTful Service Protected by Privilege Not Returning 401 - Accessible Without Token in APEX 19.2

Adhi S, 4 hours ago

Hello,

I have a critical security issue with RESTful Services in APEX 19.2.0.00.18. My endpoint is protected by privilege, but it's not returning 401 Unauthorized when called without a token. The service is accessible without any authentication when URI parameters are passed.

Environment

  • APEX Version: 19.2.0.00.18
  • ORDS Version: 19.2.0.r1991647
  • DB Version: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

Issue Description

My RESTful service endpoint is configured with privilege protection, but authentication is not being enforced:

    URI: https://hostname/apex/libdoc/docs/doc/:id/add
    Method: POST

Problem

Even though the service is protected by privilege, I can successfully call it WITHOUT passing any authentication token in the request header.

  • Expected: 401 Unauthorized error when no token is provided
  • Actual: 200 Success - Request processes successfully

    POST https://hostname/apex/libdoc/docs/doc/123/add
    Content-Type: application/json

    { "key": "value" }

Response:

  • Status: 200 OK ✅ (Should be 401 ❌)
  • Body: Successful response with data

Can anyone help me with a workaround to fix it?

Thanks in Advance!

Regards,

Lakshmi.S
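
A regression check for the symptom described above, as an added example that is not part of the original post and not Oracle's code: it sends each route without an Authorization header and reports any that is not refused with 401/403. The function names, the second route, and the offline stand-in for the server are assumptions made for illustration.

```python
import json
import re
import urllib.error
import urllib.request

DENIED = {401, 403}  # statuses that show the request was refused


def http_status(method, url, body=None):
    """Send one request with no Authorization header and return the HTTP status."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        url, data=data, method=method,
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:  # urllib raises on 4xx/5xx
        return exc.code


def unprotected(base_url, routes, send=http_status):
    """Return (method, path, status) for every route that answered a
    token-less request with anything other than 401/403."""
    findings = []
    for method, path, body in routes:
        status = send(method, base_url.rstrip("/") + path, body)
        if status not in DENIED:
            findings.append((method, path, status))
    return findings


# Constructed stand-in for the server so the check runs offline. It mimics the
# behaviour reported in the post (200 on the parameterised URI); the 401 for
# every other path is an assumption.
def reported_behaviour(method, url, body=None):
    return 200 if re.search(r"/docs/doc/[^/]+/add$", url) else 401


ROUTES = [  # the second route is hypothetical, added for contrast
    ("POST", "/docs/doc/123/add", {"key": "value"}),
    ("GET", "/docs/", None),
]

if __name__ == "__main__":
    for finding in unprotected("https://hostname/apex/libdoc", ROUTES,
                               send=reported_behaviour):
        print("NOT PROTECTED:", *finding)
```

Dropping the `send=` argument runs the same check against a live host. Because urllib follows redirects, a route that redirects to a sign-in page ending in 200 is also reported and needs a manual look.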
