Securing and Accessing Secured Files in Oracle CPQ Cloud

Oracle CPQ Cloud allows administrators and developers to store files in a secure folder that can be accessed only when users are logged into the system. This is essential for protecting sensitive resources like custom JavaScript files, stylesheets, or configuration documents.

Step 1: Create a Folder

Navigate to the File Manager in the Oracle CPQ Cloud Administration. Create a new folder where you want to store your secure files. For example, create a folder called scripts.

Step 2: Mark the Folder as Secure

Once the folder is created, you need to mark it as secure. This ensures that:

• Files are only accessible to authenticated users
• Direct URL access without authentication is blocked
• The files are served through Oracle CPQ’s security layer

Step 3: Use the New URL

To reference secure files, use the $SECURE_PATH$ variable instead of the regular file path. This variable automatically resolves to the correct secure URL when the page is rendered.

Example

This script tag will only load the JavaScript file when the user is properly authenticated in Oracle CPQ Cloud.

Try It in Oracle CPQ Cloud

Here’s a step-by-step exercise to practice securing files:

1. Create a folder called “scripts” and make it secure
2. Upload a custom JavaScript file (like cpq_custom.js) that makes visual changes to your pages
3. Add the following line in the Footer section of the Header and Footer page in Administration Platform:
4. Test by accessing the page while logged in vs. accessing the file URL directly (which should fail)

Best Practices

• Always use $SECURE_PATH$ for custom JavaScript and sensitive CSS files
• Organize files in folders by type (scripts, styles, images)
• Test access permissions by trying to access files while logged out
• Document secured resources for your team to maintain consistency

By properly securing your files, you protect your custom implementations and ensure that sensitive business logic is not exposed to unauthorized users.