Discussion

Di Smith-Knowles (DianeSK), PEGA Partner Success Tech Lead - AMS, Pegasystems Inc., US

Posted: 15 Dec 2020 19:46 EST
Last activity: 16 Dec 2020 5:20 EST

LSA UI/UX: DX API - Security Report

How to handle URL tampering? Is there something Pega does automatically?
URL will be completely different in Cosmos React. The REST API will also be protected to NOT allow remote code execution.

I saw that DX API starter pack serves only Basic authentication.
Yes – there is no plan to add other types of authentication in these starter packs.

I saw that DX API starter pack serves only Basic authentication. Is there any way for us to make it work with SSO?
Yes – you can change how the authentication is handled.

Do we have to use reverse proxy to mitigate same origin web page restriction?
No – the UI service should run in the same domain.

Will there be a way for changing the security of the DX API OOTB? Nowadays, we have to specialize the services in a separate service package, maybe an option to have OAuth 2.0 / JWT OOTB?
Service packages support different types of authentication like OAuth or JWT token - this feature has been available for several years - https://community.pega.com/knowledgebase/articles/data-integration/accessing-pega-api-using-oauth-20

***Edited by Moderator: Pooja Gadige to add Developer Knowledge Share tag***

Pega Platform, User Experience, Lead System Architect, Developer Knowledge Share