Configurations for OutSystems Exposed Rest APIs not to be reachable over internet
Application Type: Reactive, Service
Service Studio Version: 11.10.10 (Build 38777)
Platform Version: 11.10.0 (Build 22910)

Hi All,

We have OS 11 deployed in a private AWS cloud, and the reactive application is accessible over the internet. We have a requirement to expose some REST APIs from OutSystems to another component deployed in the same private cloud. So this third-party component will consume the APIs privately, and these APIs should not be reachable over the internet. I have gone through the documentation and forums to create the OutSystems Internal Network and whitelist the appropriate IPs. However, there are a couple of challenges with this:

  1. Service Center will also not be accessible over the internet
  2. The APIs are still reachable over the internet, although not accessible, and show some authorization error

Has anyone faced a similar situation and has any pointers here? Thanks.

MVP

Hi Akshay,


You can define a range of IPs which make up your internal network, and then you have the option to configure specific elements (like UI Flows or REST APIs). It can be done on-premises by your OutSystems Administrator or via a support case with OutSystems, as mentioned in the documentation.

In my past experience in the OutSystems cloud, Service Center was restricted to Internal Access only, and a VPN was set up and made available to the team so they could access the internal network remotely and therefore work remotely.


Kind Regards,
João

Champion

Thanks, João, for responding. The customer has a specific security requirement not to make the REST APIs reachable over the internet. I am able to achieve the configurations you have suggested; however, the APIs are still reachable over the internet. Please note that they are not accessible and throw an authorization error. So, the question is: can I stop REST APIs from being reachable over the internet while I want the end users to access the UI over the internet?

MVP

Hi Akshay,


Yes, you can restrict exposed REST APIs to Internal Access Only, like in the image below:
