We’re implementing a use case where unauthenticated (external) users need to view and interact with the case journey in Pega — for example, to submit a request or application. However, in order to render the case UI, a case typically needs to be instantiated.

This results in a problem:

• Each unauthenticated user interaction creates a new case instance.

• There are currently no restrictions in place, so malicious users could potentially create thousands of cases, leading to system abuse and storage/performance issues.

Our key requirement is to show the case journey before validating or authenticating the user, but we want to avoid creating actual case instances until validation is complete.

Questions:

1. Is there a way in Pega to render a case journey (or part of it) without creating a case?

2. Are there any best practices or design patterns for this kind of scenario?

3. Would it make sense to use a temporary case or data page to collect input first, and only instantiate the actual case after validation?

We’d appreciate any guidance on how to implement this securely and efficiently.