You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

Runtime protection

Out-of-the-box, Blueriq comes with an in-memory authentication provider. This default implementation should be used for development purposes as they store the credentials in plain text on the file system. To configure an authentication provider for production purposes, please read Runtime Authentication and HTTP Security in Runtime.

Default exposed endpoints

The following list contains all endpoints that are exposed in Blueriq by default.

Note that everything behind /server/** may not be blocked.

Endpoint

Method

/GET
/displayNamesPUT
/endpointsGET
/endpoints/{name}GET
/projectsGET
/projects/{id}GET
/projects/{id}/metadataGET

/shortcuts

GET

/shortcuts/{name}

GET
/caseEventsGET
/caseEvents/{eventId}GET
/caseEvents/{eventId}POST

/cases

GET
/cases/{caseId}GET
/cases/{caseId}/attributesGET
/endpointsGET
/endpoints/{name}GET

/tasks

GET

/tasks/{taskId}

GET

/tasks/{taskId}

PUT
/tasks/{taskId}/customFieldsGET

/api/v1/api-docs

GET
/session/{sessionId}/api/authentication/logoutGET
/session/{sessionId}/api/document/{type}/{documentName}/{pageName}

GET

/session/{sessionId}/api/image/{imageName}GET
/session/{subscriptionId}/api/subscribePOST
/session/{sessionId}/api/subscribe/{subscriptionId}POST
/session/{sessionId}/api/subscription/{subscriptionId}/handleEventPOST
/session/{sessionId}/api/subscription/{subscriptionId}/startFlow/{flowName}POST
/session/{sessionId}/api/utility/keepAliveGET
/session/{sessionId}/api/dmn/{entityName}/{instanceId}/{attributeName}GET
/session/{sessionId}/filedownload/{connectionName}/{fileId}/GET
/session/{sessionId}/api/widget/{infoKey}POST

In case some of them are unnecessary they should be blocked by the firewall.

 

  • No labels