Web API Additional Configurations

Question

Hi Team, 
 Where should we see the additional configurations of the web api we create like rate limit, timeout, payload size limitations, retry threshold etc? Is it modifiable for cloud environment? 
 Along with that, I also have few other questions below: 
 1. when we expose our data via API, as an additional security, do we have any methods to black list/white list system IPs? 
 2. what's the good practice regarding rotation of authentication credentials in web api? 
 3. what is the typical response time for webapi? 
 
 Thanks in advance!

Abhishek Karumuru · Answer

AFAIK: In the Appian Cloud environment, Appian manages configurations such as rate limits, timeouts, payload size limits, and retry thresholds at the infrastructure level . Appian executes Web APIs in milliseconds to a few seconds based on: 
 Complexity of the expression rule Volume of data retrieval Calls to external systems. 
 
 Regarding the rotation of credntials, AFAIK it would be 60-90 days as per best practices

Stefan Helzle · Answer

Appian can only provide the API itself. For any additional requirements, you should consider adding some sort of API gateway in front of Appian.