Web API security

There is a requirement that we have a means for non-Appian users to create new accounts in the application I am working on. Since Appian does not appear to have any built-in means of allowing this, the current workaround is to make a web API that connects to an external site and kicks off a process model which can make new users. This kind of makes us nervous (particularly since there is no way to delete unnecessary users in Appian), so we added an admin approval step before the actual user creation stage, but we're still a little nervous about potential DDoS attacks and the like. Is there an in-Appian method to limit how often an API gets accessed? And if not, is there some other best practice to prevent attacks on Appian APIs?

  • Of course, Stefan,

    APIs must control the amount of data provided, either with paging or simply by limiting the amount of data provided, forcing the requester to use proper filtering.

    But that does not prevent someone querying your system every second, right?

    And the concern is that even though Appian is not an API platform (if Appian sales hear you saying that Appian is not an integration platform, they will get angry at you :) ), since it publishes services, it is exposed to the same risks and problems as an API platform.

    And that's my point. We're in the middle. In my honest opinion, from the moment we publish services, we're exposed to all those problems, and it seems that Appian is not able to prevent them by itself, judging from the documentation that I've found and the responses that you are so kindly providing.

    Thanks again, Stefan. I'll review the network topology and configs to ensure this is properly protected, as it seems that there is nothing I can do from within Appian.
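The thread asks whether calls to an Appian web API can be throttled and ends with the control being pushed outside Appian, into whatever sits in front of it. The block below is an added example, not code from the thread, from Appian, or from the poster's project: a per-client token-bucket limiter of the kind a reverse proxy or API gateway in front of the web API would apply before a request is allowed to start the user-creation process model. The client key (source IP or API key), the limit of 1 request per second with a burst of 3, the sample addresses, and the `FakeClock` that makes the run deterministic are all assumptions made for the example.

```python
"""Per-client token-bucket rate limiter for a gateway in front of a web API.

Added example, not code from the Appian thread above. Client keys, limits and
the traffic in simulate() are constructed for illustration.
"""
from __future__ import annotations

import time
from dataclasses import dataclass


@dataclass
class Bucket:
    capacity: float        # maximum burst the client may send at once
    refill_per_sec: float  # sustained rate granted to the client
    tokens: float          # tokens currently available
    last: float            # clock reading at the last refill


class FakeClock:
    """Deterministic clock for the simulation (assumption: a real deployment
    passes time.monotonic instead)."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class RateLimiter:
    """One token bucket per client key (assumed to be a source IP or API key)."""

    def __init__(self, rate_per_sec: float, burst: int, clock=time.monotonic) -> None:
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.clock = clock
        self.buckets: dict[str, Bucket] = {}

    def _refill(self, key: str, now: float) -> Bucket:
        b = self.buckets.get(key)
        if b is None:
            b = Bucket(self.burst, self.rate, self.burst, now)  # new client starts full
            self.buckets[key] = b
            return b
        elapsed = max(0.0, now - b.last)
        b.tokens = min(b.capacity, b.tokens + elapsed * b.refill_per_sec)
        b.last = now
        return b

    def allow(self, key: str) -> bool:
        """Consume one token if one is available; False means answer 429."""
        b = self._refill(key, self.clock())
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False

    def retry_after(self, key: str) -> float:
        """Seconds until the client has a token again (for a Retry-After header)."""
        b = self._refill(key, self.clock())
        if b.tokens >= 1.0:
            return 0.0
        return (1.0 - b.tokens) / b.refill_per_sec

    def prune(self, idle_seconds: float) -> int:
        """Drop buckets idle longer than idle_seconds so a flood of spoofed
        client keys cannot grow the table without bound. Returns the count removed."""
        now = self.clock()
        stale = [k for k, b in self.buckets.items() if now - b.last > idle_seconds]
        for k in stale:
            del self.buckets[k]
        return len(stale)


def simulate() -> list[int]:
    """Constructed traffic: one client bursts, waits two seconds, bursts again;
    a second client sends a single request. Returns the HTTP status per request."""
    clock = FakeClock()
    limiter = RateLimiter(rate_per_sec=1.0, burst=3, clock=clock)
    statuses = []
    for _ in range(5):                        # five requests in the same instant
        statuses.append(200 if limiter.allow("203.0.113.10") else 429)
    clock.advance(2.0)                        # two seconds later: two tokens refilled
    for _ in range(3):
        statuses.append(200 if limiter.allow("203.0.113.10") else 429)
    statuses.append(200 if limiter.allow("203.0.113.11") else 429)  # other client unaffected
    return statuses


if __name__ == "__main__":
    print(simulate())  # [200, 200, 200, 429, 429, 200, 200, 429, 200]
```

Keying on the source address only works if the proxy sees the real client (terminate TLS there, or honour X-Forwarded-For only from hops you control), and an in-process bucket table is per instance, so several gateway nodes need a shared counter store. Note also what a rate limit does not do: a slow, steady trickle of signups still passes, so the admin approval queue described in the question should be capped and alerted on as well.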