Oracle APEX 26.1 – AI Request & Response Handlers for AI Governance, Token Tracking and Observability
Oracle APEX 26.1 introduces a very powerful feature called AI Attributes, which allows developers to centrally intercept AI requests and responses across the entire application.
Using just two PL/SQL procedures, we can now:
- Track AI token usage
- Capture prompts and responses
- Measure latency
- Log tool calls
- Implement AI governance
- Mask sensitive data
- Detect prompt injection
- Control AI behavior before and after execution
And the best part?
No triggers. No Dynamic Actions. No JavaScript. Everything is handled centrally using AI Request and Response Handlers.
Architecture Flow
The workflow becomes:
- User sends prompt
- APEX builds AI request
- Request Handler executes
- AI Provider processes request
- Response Handler executes
- Response is rendered back to user
This gives us complete visibility and governance before and after AI execution.
Step 1: Create Logging Tables
AI Request Log Table
create table ai_request_log (
id number generated always as identity primary key,
created_on timestamp default systimestamp,
app_user varchar2(255),
invocation number,
message_count number,
request_ts timestamp,
app_id number,
app_page_id number,
session_id varchar2(255)
);AI Response Log Table
create table ai_response_log (
id number generated always as identity primary key,
created_on timestamp default systimestamp,
app_user varchar2(255),
prompt_text clob,
response_text clob,
input_tokens number,
output_tokens number,
total_tokens number,
response_type varchar2(100),
response_error varchar2(100),
response_json clob,
latency_ms number,
response_ts timestamp
);AI Tool Call Log Table
create table ai_response_tool_log (
id number generated always as identity primary key,
created_on timestamp default systimestamp,
tool_call_id varchar2(255),
tool_name varchar2(255),
tool_args clob
);Step 2: Create AI Request Handler Procedure
The Request Handler runs BEFORE the request is sent to the AI provider.
This is the perfect place for:
- Prompt masking
- Security validations
- Prompt injection detection
- Governance checks
- User consent workflows
- Request logging
create or replace procedure ai_request_handler (
p_param in apex_ai.t_chat_request_handler_param,
p_result in out nocopy apex_ai.t_chat_request_handler_result
)
as
begin
insert into ai_request_log (
app_user,
invocation,
request_ts,
app_id,
app_page_id,
session_id
)
values (
v('APP_USER'),
p_param.invocation,
systimestamp,
to_number(v('APP_ID')),
to_number(v('APP_PAGE_ID')),
v('APP_SESSION')
);
exception
when others then
apex_debug.error(
'AI REQUEST HANDLER ERROR: ' || sqlerrm
);
end;
/Step 3: Create AI Response Handler Procedure
The Response Handler runs AFTER the AI provider sends the response, but BEFORE the response is rendered inside the application.
This allows us to:
- Track token usage
- Capture prompts and responses
- Measure latency
- Inspect tool calls
- Modify AI responses
- Apply enterprise governance policies
create or replace procedure ai_response_handler (
p_param in apex_ai.t_chat_response_handler_param,
p_result in out nocopy apex_ai.t_chat_response_handler_result
)
as
l_tool_calls apex_ai.t_chat_message_tool_calls;
l_messages apex_ai.t_chat_messages;
l_prompt clob;
l_latency_ms number;
begin
------------------------------------------------
-- COPY REQUEST MESSAGES LOCALLY
------------------------------------------------
l_messages := p_param.request.messages;
------------------------------------------------
-- GET USER PROMPT
------------------------------------------------
if l_messages.count > 0 then
for i in 1 .. l_messages.count loop
if l_messages(i).chat_role = apex_ai.c_role_user then
l_prompt := l_messages(i).message;
end if;
end loop;
end if;
------------------------------------------------
-- CALCULATE LATENCY
------------------------------------------------
begin
select
round(
(
cast(systimestamp as date)
-
cast(max(request_ts) as date)
) * 86400000
)
into l_latency_ms
from ai_request_log
where app_user = v('APP_USER');
exception
when others then
l_latency_ms := null;
end;
------------------------------------------------
-- RESPONSE LOGGING
------------------------------------------------
insert into ai_response_log (
app_user,
prompt_text,
response_text,
input_tokens,
output_tokens,
total_tokens,
response_type,
response_error,
response_json,
latency_ms,
response_ts
)
values (
v('APP_USER'),
l_prompt,
p_result.response.message.message,
p_result.response.input_tokens,
p_result.response.output_tokens,
p_result.response.total_tokens,
p_result.response.type,
p_result.response.error,
json_object(
'response_type' value p_result.response.type,
'response_error' value p_result.response.error,
'total_tokens' value p_result.response.total_tokens
),
l_latency_ms,
systimestamp
);
------------------------------------------------
-- TOOL CALL LOGGING
------------------------------------------------
l_tool_calls := p_param.pending_tool_calls;
if l_tool_calls.count > 0 then
for i in 1 .. l_tool_calls.count loop
insert into ai_response_tool_log (
tool_call_id,
tool_name,
tool_args
)
values (
l_tool_calls(i).id,
l_tool_calls(i).name,
l_tool_calls(i).args
);
end loop;
end if;
exception
when others then
apex_debug.error(
'AI RESPONSE HANDLER ERROR: ' || sqlerrm
);
end;
/Step 4: Configure AI Attributes
Now navigate to:
Shared Components → AI Attributes
Configure the following:
- Request Handler Procedure: AI_REQUEST_HANDLER
- Response Handler Procedure: AI_RESPONSE_HANDLER
That’s it.
Oracle APEX will now automatically route all AI interactions through these procedures.
What We Can Capture Using This Architecture
- User prompts
- AI responses
- Token usage
- Latency
- Tool calls
- Session details
- Error tracking
- Response types
Future Possibilities
This architecture opens the door for enterprise-grade AI governance inside Oracle APEX applications.
Some future enhancements could include:
- Sensitive data masking
- Prompt injection detection
- AI approval workflows
- Consent management
- Content moderation
- Cost analytics dashboards
- AI observability platforms
- Centralized enterprise AI governance
Conclusion
Oracle APEX 26.1 is not just adding AI features. It is introducing enterprise-grade AI extensibility and governance capabilities directly into the platform.
Using AI Request and Response Handlers, developers can now centrally monitor, control and enhance AI interactions across the entire application using just PL/SQL.
This is an incredibly powerful foundation for building production-grade AI-enabled enterprise applications.
I hope this article helped you understand how AI governance and observability can be implemented inside Oracle APEX 26.1.
Happy Coding 🙂
No comments: