You are viewing limited content. For full access, please sign in.

Question

How to Disable the Workflow GET End Point

Workflow

Updated December 6, 2018

asked on December 4, 2018 • Show version history

Hello,

Can I disable the GET listeners without breaking anything and how do I do this.

https://myserver.com/Workflow/api/workflow/parameters/{WORKFLOWNAME}

-Ben

0 0

Replies

replied on December 4, 2018

You can probably add an IIS redirect rule that sends all calls to some page on that server. Keep in mind that Forms uses that API for validating workflows.

Why do you want to disable it?

0 0

replied on December 6, 2018

I'm looking for ways to secure the REST API, given the interfaces, variables and documentation can be so easily enumerated.

If I implement two-way TLS with IIS, will that break the web, win, mobile and forms clients? I presume not but will need to test (or get an answer from LF).

Pre-shared keys work but not for LF clients. For LF clients I can use the rulename to try to detect a genuine call to the REST API but the rulename for each LF application is universal and I don't know how to change it.

0 0

You are not allowed to follow up in this post.

Sign in to reply to this post.

Asked December 4, 2018
Updated December 6, 2018
86 views