You are currently reviewing an older revision of this page.

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package


After upgrading to a newer hotfix package on Appian 18.2 or later, the following symptoms occur when using a WebAPI or Connected System that references the request parameter http!request.header.authorization :

  • Removing this reference resolves any errors
  • When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
  • Calls made through WebAPI or Connected System objects to other services return error messages
  • The WebAPI tests return HTTP 500 errors
  • Unable to send or receive messages where integration is involved
  • HTTP 404 errors when users try to access pages which were once viewable


Appian introduced a change via AN-155298 which includes an update to improve security. In particular, the authorization header is now hidden when invoking web API calls. As this header is now hidden, any existing calls making use of this property will return error messages stating that the field is null or that the parameter is missing.


The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: May 2020