PL/SQL Block to generate an OCI Pre-Authenticated Request URL

generate_pre_authenticated_request.sql

DECLARE

  l_request_url         VARCHAR2(1000);
  l_request_json        CLOB;
  l_response_json       CLOB;
  l_response_obj        JSON_OBJECT_T;
  l_expires_ts_tz       TIMESTAMP WITH TIME ZONE;
  l_expires_str         VARCHAR2(100);
  l_par_name            VARCHAR2(100);
  l_access_type         VARCHAR2(25);
  l_object_name         VARCHAR2(100);
  lc_oci_endpoint_url   CONSTANT VARCHAR2(100)  := 'https://objectstorage.us-ashburn-1.oraclecloud.com';
  lc_oci_namespace      CONSTANT VARCHAR2(100)  := 'YOUR_OCI_NAMESPACE';
  lc_oci_bucket_name    CONSTANT VARCHAR2(100)  := 'APEX_OCI_BLOG_FILES';
  -- The below constant is for the APEX Web Credential for the OCI Service Account.
  l_oci_apex_cred       CONSTANT VARCHAR2(100)  := 'APEX_OCI_BLOG_CREDENTIAL';
  
BEGIN

  -- Calculate the PAR Expiration as Current time Plus 1 Hour in UTC time zone.
  l_expires_ts_tz := SYSTIMESTAMP AT TIME ZONE 'UTC' + NUMTODSINTERVAL(1, 'HOUR');
  -- Generate String version of expiration date and time.
  l_expires_str   := TO_CHAR(l_expires_ts_tz,'yyyy-mm-dd"T"hh24:mi:ss"Z"');
  
  -- Set the access type for the PAR
  -- Allowed Values: [ObjectRead,ObjectWrite,ObjectReadWrite,AnyObjectWrite,AnyObjectRead,AnyObjectReadWrite]
  l_access_type := 'AnyObjectWrite';
  
  -- Set the object path and name or prefix for the PAR.
  -- If provided, this determines what specific object or set of objects the PAR has access to.
  -- In this example PAR_TEST_FOLDER is the name of a folder in the bucket so the PAR will have access to that folder.
  l_object_name := 'PAR_TEST_FOLDER';

  -- Build the name for the PAR.
  l_par_name := 'BLOG_DEMO_' || l_access_type || '_' || l_expires_str;
  
  -- Build up the URL to call the OCI web service which will generate the PAR.
  -- Object Store Endpoint || Your OCI Namespace Name || Your Object Store Bucket Name
  l_request_url := lc_oci_endpoint_url ||
                     '/n/' || lc_oci_namespace || 
                     '/b/' || lc_oci_bucket_name ||
                     '/p/';

  -- Build the Request Body for the call to the generate the PAR web service.
  l_request_json := '{' ||
                    '"accessType":'  || apex_json.stringify( l_access_type ) || ',' ||
                    '"name":'        || apex_json.stringify( l_par_name ) || ',' ||
                    '"objectName":'  || apex_json.stringify( l_object_name ) || ',' || 
                    -- Below field determines if PAR is allowed to list objects in the bucket.
                    -- Values: [Deny,ListObjects]
                    '"bucketListingAction":' || apex_json.stringify( 'Deny' ) || ',' ||
                    '"timeExpires":' || apex_json.stringify( l_expires_str ) || 
                    '}';
    
  -- Call OCI PAR Web Service.
  l_response_json := apex_web_service.make_rest_request
   (p_url                  => l_request_url,
    p_http_method          => 'POST',
    p_body                 => l_request_json,
    p_credential_static_id => l_oci_apex_cred);

  IF apex_web_service.g_status_code = 200 THEN
    -- Parse the JSON Response.
    l_response_obj := json_object_t.parse(l_response_json);
    -- Return the PAR URL e.g. https://objectstorage.us-ashburn-1.oraclecloud.com/p/vDWqlx78OJgBIHyMFAZfzQSszzxcozXeQq3jNMuoMHsyrL2QR5TZCvlKC_UEtlDJ/n/nueva/b/nueva_apps/o/
    dbms_output.put_line ('URL: '||lc_oci_endpoint_url || l_response_obj.get_String('accessUri'));
  ELSE
    dbms_output.put_line ('Web Service Failed: '|| apex_web_service.g_status_code);
    dbms_output.put_line ('Response : '|| l_response_json);
  END IF;
END;