You must add all resources that require access to your instance to your allowlist. Before you create your allowlist, you should determine what those resources are and collect the information you'll need to add to the allowlist.

Collect the following information before creating your allowlist:

1. Your organization's VCN OCID

   The resources in your organization's virtual cloud network (VCN) should be able to access Oracle Integration. The VCN must be in the same region as Oracle Integration and should have a service gateway.

   When you add the VCN OCID to the allowlist, all resources on the VCN can access Oracle Integration. 

2. Outbound IP addresses for applications that are event sources

   All event sources, such as Oracle Fusion Cloud Applications ERP events, need access to Oracle Integration.

   To get these outbound IP addresses, contact the application providers.

3. Outbound IP addresses for Oracle SaaS applications that make HTTPS calls to Oracle Integration

   Oracle SaaS applications can make HTTPS calls to Oracle Integration, depending on the design of the integration.

   Some examples:

   • Integrations using SaaS adapter connections for trigger and callbacks
   • When the connectivity agent is used with an adapter that does polling, such as for database polling and invoking
   • When the connectivity agent is used to communicate with Oracle Integration

   To get the outbound IP address for your SaaS instance, go to the About dialog in Oracle Integration. See Obtain the Inbound and Outbound IP Addresses of the Oracle Integration Instance.

   For a list of external IP addresses (by data center) for web service calls initiated by Oracle Cloud Applications, see the support note ID 1903739.1: IP Whitelist for Web Service Calls Initiated by Oracle Cloud Applications .

4. Outbound IP addresses for partner systems that require access to Oracle Integration and File Server

   All partner networks and applications that require access to Oracle Integration and File Server must be added to the allowlist. Make sure you consider all partner systems when compiling the list. For example, if a CRM platform requires access, you must add the individual IP address or range of IP addresses for the platform.

   When you add the IP addresses or address ranges to the allowlist, you grant full access to the user interface and integrations for your network.

5. Your API gateway VCN (if using one)

   If you're using an API gateway to manage Oracle Integration endpoints, add the API gateway VCN to the allowlist. See Manage Oracle Integration Endpoints Using API Gateway.

You must also enable loopback in the allowlist so that Oracle Integration and File Server can call themselves. For example, enabling loopback allows Oracle Integration to call its own REST APIs.