Di Smith-Knowles (DianeSK)
Partner Delivery Success Manager - AMS PS & HCLS
Pegasystems Inc.
DianeSK Member since 2010 28 posts
Posted: 15 Dec 2020 19:46 EST
Last activity: 16 Dec 2020 5:20 EST

LSA UI/UX: DX API - Security

How to handle URL tampering? Is there something Pega does automatically?

The URL will be completely different in Cosmos React. The REST API will also be protected to NOT allow remote code execution.

I saw that the DX API starter pack serves only Basic authentication.

Yes – there is no plan to add other types of authentication in these starter packs

I saw that the DX API starter pack serves only Basic authentication. Is there any way for us to make it work with SSO?

Yes – you can change how the authentication is handled

Do we have to use reverse proxy to mitigate same origin web page restriction?

No – the UI service should run in the same domain

Will there be a way to change the security of the DX API OOTB? Nowadays, we have to specialize the services in a separate service package; maybe an option to have OAuth 2.0 / JWT OOTB?

Service packages support different types of authentication, like OAuth or JWT tokens - this feature has been available for several years - https://community.pega.com/knowledgebase/articles/data-integration/accessing-pega-api-using-oauth-20
