KB-2128 Web API and Connected System object errors after applying a hotfix package

Parmida Borhani — Thu, 04 Jun 2020 07:47:55 GMT

Current Revision posted to Appian Knowledge Base by Parmida Borhani on 6/4/2020 7:47:55 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.2 or later, the following symptoms occur when using a WebAPI or Connected System that references the request parameter http!request.header.authorization:

Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable
Removing the reference to http!request.header.authorization resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null

Cause

Appian introduced a change via AN-155298 which includes an update to improve security. In particular, the authorization header is no longer accessible to the designer via the Web API expression when invoking Web API calls. As this header is no longer accessible, any existing calls making use of this property will return error messages stating that the field is null or that the parameter is missing.

Action

The change is intentional and has been made to improve the security of the Appian environment. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any WebAPI or Connected System objects to no longer access and make use of this property.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: June 2020

Tags: connected systems, Security, integration, application design, web api, hotfix

KB-2128 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Parmida Borhani — Thu, 04 Jun 2020 07:46:59 GMT

Revision 15 posted to Appian Knowledge Base by Parmida Borhani on 6/4/2020 7:46:59 AM

Symptoms

Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable
Removing the reference to http!request.header.authorization resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null

Cause

Action

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: June 2020

Tags: Connected system, Security, integration, application design, web api, hotfix

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Tom Ryan — Thu, 04 Jun 2020 07:16:02 GMT

Revision 14 posted to Appian Knowledge Base by Tom Ryan on 6/4/2020 7:16:02 AM

Symptoms

Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable
Removing the reference to http!request.header.authorization resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null

Cause

Action

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: June 2020

Tags: Connected system, Security, integration, application design, web api, hotfix

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Parmida Borhani — Wed, 03 Jun 2020 03:40:37 GMT

Revision 13 posted to Appian Knowledge Base by Parmida Borhani on 6/3/2020 3:40:37 AM

Symptoms

Removing this reference resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Appian introduced a change via AN-155298 which includes an update to improve security. In particular, the authorization header is now hidden when invoking web API calls. As this header is now hidden, any existing calls making use of this property will return error messages stating that the field is null or that the parameter is missing.

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any WebAPI or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: June 2020

Tags: Connected system, Security, integration, application design, web api, hotfix

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Wed, 03 Jun 2020 00:28:23 GMT

Revision 12 posted to Appian Knowledge Base by Jason Ly on 6/3/2020 12:28:23 AM

Symptoms

Removing this reference resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Wed, 03 Jun 2020 00:27:14 GMT

Revision 11 posted to Appian Knowledge Base by Jason Ly on 6/3/2020 12:27:14 AM

Symptoms

Removing this reference resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Wed, 03 Jun 2020 00:26:56 GMT

Revision 10 posted to Appian Knowledge Base by Jason Ly on 6/3/2020 12:26:56 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.2 or later, the following symptoms occur when using a WebAPI or Connected System that references the request parameter

http!request.header.authorization :

Removing this reference resolves any errors
When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through WebAPI or Connected System objects to other services return error messages
The WebAPI tests return HTTP 500 errors
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Mon, 01 Jun 2020 04:41:44 GMT

Revision 9 posted to Appian Knowledge Base by Jason Ly on 6/1/2020 4:41:44 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.2 or later, the following symptoms occur:

When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through Web API or Connected System objects to other services return error messages
The Web API tests return HTTP 500 errors
The Web API uses http!request.header.authorization in the code. Removing this reference resolves any errors.
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.2 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Mon, 01 Jun 2020 04:38:26 GMT

Revision 8 posted to Appian Knowledge Base by Jason Ly on 6/1/2020 4:38:26 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.3 or later, the following symptoms occur:

When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through Web API or Connected System objects to other services return error messages
The Web API tests return HTTP 500 errors
The Web API uses http!request.header.authorization in the code. Removing this reference resolves any errors.
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.3 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Mon, 01 Jun 2020 04:37:41 GMT

Revision 7 posted to Appian Knowledge Base by Jason Ly on 6/1/2020 4:37:41 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.3 or later, the following symptoms occur:

When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through Web API or Connected System objects to other services return error messages
The Web API tests return HTTP 500 errors
The Web API uses http!request.header.authorization in the code. Removing this reference resolves any errors.
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.3 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian to newer hotfix package

Jason Ly — Mon, 01 Jun 2020 04:35:35 GMT

Revision 6 posted to Appian Knowledge Base by Jason Ly on 6/1/2020 4:35:35 AM

Symptoms

After upgrading to a newer hotfix package on Appian 18.3 or later, the following symptoms occur:

When testing calls on affected objects, request body displays errors stating that a parameter is missing or null
Calls made through Web API or Connected System objects to other services return error messages
The Web API tests return HTTP 500 errors
The Web API uses http!request.headers.authorization in the code. Removing this reference resolves any errors.
Unable to send or receive messages where integration is involved
HTTP 404 errors when users try to access pages which were once viewable

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian 18.3 and later.

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian 20.1 Hotfix Package A

Parmida Borhani — Thu, 28 May 2020 07:10:13 GMT

Revision 5 posted to Appian Knowledge Base by Parmida Borhani on 5/28/2020 7:10:13 AM

Symptoms

After upgrading to Appian 20.1 Hotfix Package A or later, the following symptoms occur:

Calls made through Web API or Connected System objects to other services return error messages
HTTP 404 errors on pages
WebAPI 500 errors
Unable to send or receive integration messages
When testing calls on these objects, request body errors stating that a parameter is missing or null

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues, refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be http!request.header.authorization.

Affected Versions

This article applies to Appian versions .....

Last Reviewed: May 2020

Tags: integration, application design, web api

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian 20.1 Hotfix Package A

Jason Ly — Thu, 28 May 2020 06:54:26 GMT

Revision 4 posted to Appian Knowledge Base by Jason Ly on 5/28/2020 6:54:26 AM

Symptoms

After upgrading to Appian 20.1 Hotfix Package A or later, the following symptoms occur:

Calls made through Web API or Connected System objects to other services return error messages
404 errors on pages
WebAPI 500 errors
Unable to send or receive integration messages
When testing calls on these objects, request body errors stating that a parameter is missing or null

Cause

The recent Appian hotfix release includes an update to improve security. In particular, a change has been made reference number AN-155298 so that the authorization header is now hidden when invoking web API calls. As this header is now hidden, any existing calls making use of this property will return error messages stating that the field is null or that the parameter is missing.

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues:

Refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property. An example of this would be:

http!request.header.authorization

There is no action or workaround currently available for this issue. If you are facing this issue, please open a support case with Appian.

Tags: integration, application design

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian 20.1 Hotfix Package A

Jason Ly — Thu, 28 May 2020 06:53:37 GMT

Revision 3 posted to Appian Knowledge Base by Jason Ly on 5/28/2020 6:53:37 AM

Symptoms

After upgrading to Appian 20.1 Hotfix Package A or later, the following symptoms occur:

Calls made through Web API or Connected System objects to other services return error messages
404 errors on pages
WebAPI 500 errors
Unable to send or receive integration messages
When testing calls on these objects, request body errors stating that a parameter is missing or null

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues:

Refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property.An example of this would be:

http!request.header.authorization

There is no action or workaround currently available for this issue. If you are facing this issue, please open a support case with Appian.

Tags: integration, application design

DRAFT SP-4577 Web API and Connected System object errors after upgrading to Appian 20.1 Hotfix Package A

Jason Ly — Thu, 28 May 2020 06:51:43 GMT

Revision 2 posted to Appian Knowledge Base by Jason Ly on 5/28/2020 6:51:43 AM

Symptoms

After upgrading to Appian 20.1 Hotfix Package A or later, the following symptoms occur:

Calls made through Web API or Connected System objects to other services return error messages
404 errors on pages
WebAPI 500 errors
Unable to send or receive integration messages
When testing calls on these objects, request body errors stating that a parameter is missing or null

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues:

Refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property

There is no action or workaround currently available for this issue. If you are facing this issue, please open a support case with Appian.

Tags: integration, application design

DRAFT SP-4577 Web API and Connected System objects after upgrading to Appian 20.1 Hotfix Package A

Jason Ly — Thu, 28 May 2020 06:47:11 GMT

Revision 1 posted to Appian Knowledge Base by Jason Ly on 5/28/2020 6:47:11 AM

Symptoms

After upgrading to Appian 20.1 Hotfix Package A or later, the following symptoms occur:

Calls made through Web API or Connected System objects to other services return error messages
404 errors on pages
WebAPI 500 errors
Unable to send or receive integration messages
When testing calls on these objects, request body errors stating that a parameter is missing or null

Cause

Action

The change introduced by this hotfix is intentional and aims to improve security. In order to resolve related issues:

Refactor any expressions or SAIL code referencing the Authorization header in any web API or Connected System objects to no longer access and make use of this property

There is no action or workaround currently available for this issue. If you are facing this issue, please open a support case with Appian.

Tags: integration, application design