Log in to AnswerLog in to Follow
Akshay Puri
Champion
7Views
3Comments
Configurations for OutSystems Exposed Rest APIs not to be reachable over internet
Question
Reactive
Service
Application Type
Reactive, Service
Service Studio Version
11.10.10 (Build 38777)
Platform Version
11.10.0 (Build 22910)

Hi All,

We have OS 11 deployed in private AWS cloud and the reactive application is accessible over internet. We have requirement to expose some rest apis from OutSystems to other component deployed in same private cloud. So this third party component will consume the apis privately and these apis should not be reachable over internet. I have gone through the documentation and forums to create the OutSystems Internal Network and whitelist the appropriate IPs. However, there are couple of challenges with this:

  1. Service Center will also not be accessible over internet
  2. The APIs are still reachable over internet although not accessible and shows some authorization error

Has anyone faced similar situation and has any pointers here? Thanks.

0
0
on 8th Mar
João Marques
mvp_badge
MVP

Hi Akshay,


You can define a range of IPs which make your internal network and then you have the options to configure specific elements (like UI Flows or REST APIs). It can be done on-premises by your OutSystems Administrator or via a support case with OutSystems, like it is mentioned in the documentation.

In my past experience in the OutSystems cloud, Service Center was only restricted to Internal Access only and a VPN was set up and made available to the team so they could access the internal network remotely and therefore work remotely.


Kind Regards,
João

0
0
on 8th Mar
Akshay Puri
Champion

Thanks João for responding. Customer has a specific security requirement not make the rest apis reachable over internet. I am able to achieve the configurations you have suggested however, the apis are still reachable over internet. Please note that they are not accessible and throw authorization error. So, the question is - Can I stop rest apis from being reachable over internet while I want the end users to access the UI over internet?

0
0
on 8th Mar
João Marques
mvp_badge
MVP

Replying to Akshay Puri's comment on 08 Mar 2021 08:25:20

Hi Akshay,


Yes, you can restrict exposed REST APIs to Internal Access Only, like on the image below:

0
0
on 8th Mar
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.