- Getting Started
- Demo apps
- How To
- Notifications
- Using VB Expressions
- Designing your App
- Designing your App with Autopilot
- Events and Rules
- Rule: If-Then-Else
- Rule: Open a Page
- Rule: Open URL
- Rule: Close Pop-Over/Bottom Sheet
- Rule: Show Message
- Rule: Show/Hide Spinner
- Rule: Set Value
- Rule: Start Process
- Rule: Reset Values
- Rule: Upload File to Storage Bucket
- Rule: Download File From Storage Bucket
- Rule: Create Entity Record
- Rule: Update Entity Record
- Rule: Delete Entity Record
- Rule: Add to Queue
- Rule: Trigger workflow
- Rule: Submit Action
- Leveraging RPA in your App
- Leveraging Entities in Your App
- Leveraging Queues in Your App
- Leveraging Media in your app
- Leveraging Actions in your app
- Leveraging Connections in your apps
- Web apps in Studio Web
- Application Lifecycle Management (ALM)
- UiPath® First-Party Apps
- Basic Troubleshooting Guide
Apps User Guide
Public Apps
You can use UiPath® Apps to create apps that are available to users outside of Automation CloudTM.
This opens up new opportunities for your app, such as:
- Creating a timesheet for external vendors.
- Creating a form where users can submit their taxes reports and process them using Document Understanding.
- Creating a form to reset a passwords or change the address.
- Retrieve data from a legacy system.
- Creating a form where users can submit feedback.
The following rate limits apply for public apps:
- Number of
GET
requests allowed in a 5 minute period per IP:1000
- Number of
POST
requests allowed in a 5 minute period per IP:1000
- Number of
GET
requests allowed in a 5 minute period per Organization:1000
-
Number of
POST
requests allowed in a 5 minute period per Organization:15000
All other HTTP methods have lower limits but with minimal impact as they are used occasionally.
You need the Organization Admin role to create a public facing app.
Users on Enterprise license plans need Apps Units to create public apps.
Use the following steps in UiPath® Apps to create and publish your external app:
- Go to the UiPath® Apps homepage and create a new app.
- In the app creation dialog, mark the
Public App checkbox.
Note:You can also make an existing app public from the Manage access tab. -
Build your desired app.
- Publish the app.
-
Deploy the app to an Orchestrator folder:
-
Go to Automations > Apps.
-
From the App dropdown, select the app to deploy.
-
From the Version dropdown, select the specific app version you want to deploy.
-
Optionally, enter a Display name or a Description for your app.
-
Click Deploy.
More details here ...
-
public
in the Production URL.
UiPath-Apps
prefix.
To configure the public app as an external app:
-
Assign the proper roles for your external app at both tenant and folder levels. To identify the desired app, look for the
UiPath-Apps
prefix, and create new roles with the following permissions:Resource
Permissions to set at tenant level
Permissions to set at folder level (*)
Webhooks
View, Create
x
Jobs
x
Create
Storage files
x
View, Create
Storage buckets
x
View
Queues
x
View
Transactions
x
Create
-
If you have
Read
rights for the Data Service component, public apps works by default with Data Service. If you needWrite
permission, theData.Writer
permission needs to be provided for the public app. For more information on Data Service components, check the Managing access page from the Data Service guide.Note: When using entities with public apps, make sure to provide only the relevant permissions in Data Service. A good way to do that is to create a specific role and provide specific permissions that are needed. Avoid usingRead
permissions for entities that have information that should not be exposed externally.GrantView
andEdit
permissions for an entity only if you are comfortable with all users of that app accessing the data in that entity. -
Add your external app to both a tenant and a folder.
To validate that your external app has the proper roles:
-
Go to Orchestrator > Tenant > Manage Access.
-
Identify your app in the list by searching after the
UiPath-Apps
prefix. -
For the desired app, click More Actions, then select Check roles & permissions.
-
Unfold the roles to see and validate the assigned permissions.
Public Apps is a powerful feature in UiPath® that allows customers to expose their automations to users outside their organization. To ensure the security, privacy, and optimal performance of these applications, it is essential to follow the best practices described below:
-
Review permissions and access controls: Take the time to carefully inspect the permissions and access controls for all the dependencies your Public App relies on.
-
Follow the Principle of Least Privilege (PoLP): Grant the minimum set of permissions required for your Public App to function correctly. This reduces the risk of unauthorized access and data breaches.
-
Validate user input: Implement proper input validation to safeguard your app from malicious data and ensure it processes information safely.
-
Perform security audits regularly: Periodically audit and update the access controls and permissions of your Public App to keep them in line with the security and privacy policies of your organization.
-
Provide clear instructions: Make user experience a priority by offering clear, concise, and helpful instructions on how to use your Public App effectively.
-
Implement error handling: Design your Public App to gracefully handle errors and protect sensitive data in case of unexpected issues.
-
Monitor activity: Regularly review anonymous user activity and performance of the app to identify potential security threats and facilitate incident response.
-
Follow secure coding practices: Adhere to established coding standards and best practices to minimize the risk of security vulnerabilities in your Public App.
-
Don't store sensitive data: Refrain from storing user sensitive information, such as social security numbers, billing details, or any other confidential data in Data Service.
-
Don't grant excessive access: Do not provide a Public App Read permission to an entity unless you want all app users to access all the data within it.
-
Don't solely rely on query filters: Using query filters with Data Service does not guarantee record-level security or privacy.
-
Don't expose sensitive information in error messages: Ensure that error messages never reveal sensitive data or provide hints that could be exploited by potential attackers. Keep error messages safe and generic.
-
Don't use hard-coded credentials: Avoid embedding sensitive credentials or API keys directly in the app code. Instead, opt for secure methods of storing and retrieving these values.
-
Don't neglect testing: Prior to deployment, thoroughly test your Public App for security vulnerabilities, functionality, and performance. Ensure that it meets the highest security standards to protect both your users and your application.