https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1422561#M56772 <P>I would agree with <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/363906">@jcarlson</a>. And to take this one step further, if your Portal exists on the internets, it's being scanned and copied automatically by more people than you can shake a stick at and yell "get off my <STRIKE>lawn</STRIKE> network". Security is very important, and Esri has numerous recommendations surrounding this (<A href="https://community.esri.com/t5/arcgis-survey123-blog/securing-data-in-public-surveys-survey123-connect/ba-p/898436" target="_self">here</A> is a good one targeted at S123 to get started).</P><P>Essentially, you can assume people know that your server exists and where it exists. But you can prevent them from getting access to files they shouldn't see via security. Malicious means aside, that security should give you the privacy that you need.</P><P>If you want no one to know that your server exists, then you probably need it in an offline environment.</P> Thu, 09 May 2024 14:25:02 GMT abureaux 2024-05-09T14:25:02Z https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1420827#M56765 <P>Hi,</P><P>Is it possible to not have the rest endpoint visible that an Anonymous Suvery123 form utilizes?</P><P>Is there a way to only allow the Survey123 anonymous website to create the handshake with portal so the rest endpoint isn't visible?</P><P>What security measures has anyone else implemented for anonymous Survey123 sites that might be useful?</P><P>Regards,</P><P>Elliott</P> Thu, 09 May 2024 02:22:47 GMT https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1420827#M56765 ECarson 2024-05-09T02:22:47Z https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1421741#M56769 <P>As far as I know, there's not a good way to do this. Public is public, and there's not a way to prevent users from just watching their network traffic to see where their survey responses are going and copy the URL.</P><P>What is the security concern with the REST endpoint being visible? You can disable the query capability on the service to prevent anonymous users from <EM>seeing </EM>the data in the layer, and restrict editing to adding new features only.</P><P>You'll still be potentially vulnerable to your form / service getting spammed, but I don't think you can avoid that.</P> Thu, 09 May 2024 12:18:44 GMT https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1421741#M56769 jcarlson 2024-05-09T12:18:44Z https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1422561#M56772 <P>I would agree with <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/363906">@jcarlson</a>. And to take this one step further, if your Portal exists on the internets, it's being scanned and copied automatically by more people than you can shake a stick at and yell "get off my <STRIKE>lawn</STRIKE> network". Security is very important, and Esri has numerous recommendations surrounding this (<A href="https://community.esri.com/t5/arcgis-survey123-blog/securing-data-in-public-surveys-survey123-connect/ba-p/898436" target="_self">here</A> is a good one targeted at S123 to get started).</P><P>Essentially, you can assume people know that your server exists and where it exists. But you can prevent them from getting access to files they shouldn't see via security. Malicious means aside, that security should give you the privacy that you need.</P><P>If you want no one to know that your server exists, then you probably need it in an offline environment.</P> Thu, 09 May 2024 14:25:02 GMT https://community.esri.com/t5/arcgis-survey123-questions/hide-rest-endpoint-that-is-currently-exposed-for/m-p/1422561#M56772 abureaux 2024-05-09T14:25:02Z