Restricting Access to Exposed Orchestrations
If you expose orchestrations for business partners or customers to invoke, it is
recommended to use an http proxy to allow access to only the endpoints required to
execute the orchestration. Configure the proxy to restrict all endpoints except
/orchestrator
, /discover
,
/tokenrequest
, and /tokenrequest/logout
. This
allows external users set up with the proper UDO security to discover and call
orchestrations.