To prevent unauthorized access to your REST modules, APEX provides an easy, declarative way of adding basic authentication. This method utilizes APEX user accounts and RESTful Service Privileges. In order not to expose passwords, you should make sure to enable SSL/HTTPS!
First edit an existing APEX user account, and add the RESTful Services group to that user. In our example we’ll edit the APEX user SCOTT. To do this, navigate to Manage Users and Groups in the workspace where your REST modules are, edit a user, and assign the group in the Group Assignments region:
Next create the RESTful Service Privilege by navigating to RESTful Services in the SQL Workshop. In the Tasks sidebar on the right, click the RESTful Service Privilege link.
Fill out the form and select the modules you want to protect, by shuttling them to the right in Protected Modules.
That’s it! Everything under the selected module now requires the username and password of the APEX user. You can test this with the following curl command (edit URI as needed):
curl -u scott:tiger http://servername/ords/workspace/hr/empinfo/
When testing with Postman, choose the Basic Auth from the authentication select list and enter the APEX user’s username and password.