View-Based Web API With Service Account

I created a Web API that has a DB View CDT. I want to use this API endpoint in an external application. I also created Web APIs that are table-based (not view-based) and they can be read in my external application without issue. But when I use the same view-based web API I get a 500 error code on the external app (even Postman).

Now to access those web APIs I created a service account with API Keys and they work with table-based web APIs but not view-based web APIs. Are service accounts not able to access DB views? What am I missing?

Also what's best practice to get the API key (that's created when service account is created) from Appian instead of having to hard-code it in the external application?

  Discussion posts and replies are publicly visible

Parents
  • One possible issue could be that your service account doesn't have proper security to the datastore that contains the view entity (or) to the objects used in the Web API. Make sure you have updated the security for all objects.

    For your second question, I think we have to hard-code the API key, since after creation we cannot get the API key anywhere from the system.

  • That was one of the troubleshooting steps I made with no success. But how does the SA have access to the table-based web API calls but not the view-based is my next question. If they have access to the table-based web API calls, they should also have access to the view-based calls, should they not? Unless something unique is there for the views that SA accounts cannot call. Furthermore I created an Admin account with username/password and that has access to both table and view-based web API calls when using that in the header request.

    Thank you for the 2nd answer, I figured there would be another way as any one that knows how to use the console on a browser could technically get that key, not very secured in my opinion.

Reply
  • That was one of the troubleshooting steps I made with no success. But how does the SA have access to the table-based web API calls but not the view-based is my next question. If they have access to the table-based web API calls, they should also have access to the view-based calls, should they not? Unless something unique is there for the views that SA accounts cannot call. Furthermore I created an Admin account with username/password and that has access to both table and view-based web API calls when using that in the header request.

    Thank you for the 2nd answer, I figured there would be another way as any one that knows how to use the console on a browser could technically get that key, not very secured in my opinion.

Children