I created a Web API that has a DB View CDT. I want to use this API endpoint in an external application. I also created Web APIs that are table-based (not view-based) and they can be read in my external application without issue. But when I use the same view-based web API I get a 500 error code on the external app (even Postman).
Now to access those web APIs I created a service account with API Keys and they work with table-based web APIs but not view-based web APIs. Are service accounts not able to access DB views? What am I missing?
Also what's best practice to get the API key (that's created when service account is created) from Appian instead of having to hard-code it in the external application?
Discussion posts and replies are publicly visible
One possible issue could be that your service account doesn't have proper security to the datastore that contains the view entity (or) to the objects used in the Web API. Make sure you have updated the security for all objects.
For your second question, I think we have to hard-code the API key, since after creation we cannot get the API key anywhere from the system.
That was one of the troubleshooting steps I made with no success. But how does the SA have access to the table-based web API calls but not the view-based is my next question. If they have access to the table-based web API calls, they should also have access to the view-based calls, should they not? Unless something unique is there for the views that SA accounts cannot call. Furthermore I created an Admin account with username/password and that has access to both table and view-based web API calls when using that in the header request.
Thank you for the 2nd answer, I figured there would be another way as any one that knows how to use the console on a browser could technically get that key, not very secured in my opinion.
Security in Appian is basically defined on the objects. You might have mapped your table and view to different entities and the security might not be properly set for the view entity objects.
I'm not sure I understand how to set up the views via security. All the objects that have access to the web API have been given permission to the SA. Do we also provide security access to the views in the database? Is that what you're implying? Sorry I'm confused as I thought there was no need to set up access to the DB tables and views unless you create them in Appian (which I did in this instance) as objects and then add security (which I did as well).