Web Service with Internal Access Only

I have seen that web services in OutSystems also allow the Internal Access Only. But with that being said, what is the real essence of this?

Is this built for such a need that the consumer will NOT be an OutSystems application?

Because, we are assuming that if the consumer is also built with OutSystems, isn't better to expose a server action instead.. and reference it from the module? As we are only talking about the Internal applications, and mostly internal applications are only built within the same environment.

Does OutSystems promotes implementing Internal Access Only for Web Services that are only consumed within the same environment? Will this relates to a loosely coupled architecture?

We do understand that the design comes by needs, however do we have any specifics with the usage of it for an OutSytems better architecture?


Thank you very much.

John Marvin Yalung wrote:

I have seen that web services in OutSystems also allow the Internal Access Only. But with that being said, what is the real essence of this?

Is this built for such a need that the consumer will NOT be an OutSystems application?

Because, we are assuming that if the consumer is also built with OutSystems, isn't better to expose a server action instead.. and reference it from the module? As we are only talking about the Internal applications, and mostly internal applications are only built within the same environment.

Does OutSystems promotes implementing Internal Access Only for Web Services that are only consumed within the same environment? Will this relates to a loosely coupled architecture?

We do understand that the design comes by needs, however do we have any specifics with the usage of it for an OutSytems better architecture?


Thank you very much.

Hi John,

The following link will answer your queries.

https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/Restrict_Access_to_an_Internal_Network

Thanks,

Sachin

Solution

Hi John,

There are few cases where you want to expose some functionality which is only required by the internal application and yes making a service action and adding its reference is the best option but in case the reference are not directly possible via server action (they may break the 4 layer architecture validation) and hence in such cases we uses the Web Services and allow them to access internally only. This also promotes the  loosely coupled architecture as you mentioned.


Regards,

-PJ-

Solution

Hi John,

As Sachin shared you can check the documentation for internal acces retriction and using this not only outsystems but other application can also access which are running on internal network. Here is how you can configure internal network IPs

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Configure_an_Internal_Network

And as you said, yes this is for implementng loosly coupled architecture. For using within same outsystems environment we already have service action (not server action) which solves the purpose.

Server actions are not good for loosly coupled architecture because for any change in the server action to have to update its depedenccy everywhere. But in service action don't need depedency update if we are only updating logic. Only when there are changes in input/ outpur variable then only you need to update depedency in consumer applications.

Hi Nikhil

I think the point with internal applications referencing the API that are not based on outsystems makes a lot of sense. I did not see a need of having an internal web service before I read this.

Cheers