Mask Portal URL

Hi,

We have a request to ensure that a portal link cannot be reused and that it cannot be accessed outside of the site that embedds the portal links. The client is concerned that the URL will be exposed and that a nefarious actor could use the URL to create cases using the same portal link.

From my research I found that we can use a Web API can expose an encrypted URL using a!urlForPortal (source: https://docs.appian.com/suite/help/24.1/url-parameters.html#linking-from-an-external-website), but the client says this won't solve the problem because a person could still grab the encrypted URL and reuse it.

I realize portals are for anonymous users, but the client is asking about this regardless.

Any suggestions would be helpful.

  Discussion posts and replies are publicly visible

Parents Reply
  • 0
    Appian Employee
    in reply to Mike Schmitt

    Yep, this is about how'd I do it, too - mark the URL as used in the same write/process that happens when the form submits (or whatever action the user is supposed to take).

    You could also make a time-expiring URL by capturing the timestamp when the identifier is created, and then when evaluating the URL checking that timestamp to see if the URL is still valid.

Children