As part of the AgilePoint NX v8.0 release announcements, the next feature we are going to look at is the advanced security management features for Anonymous Forms. As you may already be aware, the Anonymous Forms feature is used by application designers to create customer-facing apps and expose them to users outside your organization's boundary without having to create a separate login ID for each one of them.
However, since these forms are accessible from outside the organization boundary, very strict security controls are desired. Many security features, such as two-factor authentication, firewall configuration, allowed IP address ranges, and tokenized URLs using encryption, have been available for this feature from day one. We are now taking it one step further and allowing the app designer to explicitly whitelist the APIs that may be called with this external token.
The main use case of this feature is to provide protection in case the application designer, by mistake, gave the service account used in the Anonymous Forms access token more permissions than required, allowing it to call APIs beyond those the form needs. As a best practice, we highly recommend using a least-privileged user for the Anonymous Forms access token so that it can access only the required APIs; coupled with all the existing security mechanisms, this already gives you robust security. However, there can be cases where you needed to use a highly privileged user, either by mistake or knowingly because of a use case, and want additional security on top of what that highly privileged user can do. The restrict API feature provides exactly that.
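To make the two layers of the argument concrete, here is an added illustration (not AgilePoint's own code) of an authorization check in which the token carries its own API allowlist that is evaluated before, and independently of, the service account's permissions. The account names, token IDs and API paths are constructed for the example.

```python
"""Two-layer authorization for an anonymous-form access token (illustrative).

Layer 1 is the token's explicit API allowlist; layer 2 is the permission set of
the service account bound to the token. Both must pass, so an over-privileged
account cannot widen what the token is able to reach. All names are constructed.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class ServiceAccount:
    name: str
    permissions: set  # "METHOD /path" patterns the account itself may call


@dataclass
class AnonymousFormToken:
    token_id: str
    account: ServiceAccount
    allowed_apis: set = field(default_factory=set)  # empty allowlist denies everything


def _matches(patterns, method, path):
    request = f"{method.upper()} {path}"
    return any(fnmatchcase(request, p) for p in patterns)


def authorize(token, method, path):
    """Return (allowed, reason). The allowlist is checked first and on its own."""
    if not _matches(token.allowed_apis, method, path):
        return False, "api not in token allowlist"
    if not _matches(token.account.permissions, method, path):
        return False, "service account lacks permission"
    return True, "ok"


# Constructed sample: an admin-level account (the "by mistake" case) bound to a
# token that may only submit one form and read one lookup list.
FORM_APIS = {"POST /api/forms/feedback/submit", "GET /api/lookup/countries"}
ADMIN = ServiceAccount("svc-admin", {"* *"})            # entitled to every API
FORM_TOKEN = AnonymousFormToken("tok-1", ADMIN, FORM_APIS)
LEAST_PRIV = ServiceAccount("svc-forms", {"POST /api/forms/*"})
NARROW_TOKEN = AnonymousFormToken("tok-2", LEAST_PRIV, FORM_APIS)

if __name__ == "__main__":
    for tok, m, p in [(FORM_TOKEN, "POST", "/api/forms/feedback/submit"),
                      (FORM_TOKEN, "DELETE", "/api/admin/users/42"),
                      (NARROW_TOKEN, "GET", "/api/lookup/countries")]:
        print(tok.token_id, m, p, authorize(tok, m, p))
```

The second sample request shows the point of the feature: the admin account could delete a user, but the token's allowlist stops the call before the account's permissions are even consulted.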
Let's look at this feature in action.