Restricting Access to Exposed Orchestrations

If you expose orchestrations for business partners or customers to invoke, it is recommended to use an http proxy to allow access to only the endpoints required to execute the orchestration. Configure the proxy to restrict all endpoints except /orchestrator, /discover, /tokenrequest, and /tokenrequest/logout. This allows external users set up with the proper UDO security to discover and call orchestrations.