I have deployed a couple surveys to our ArcGIS Enterprise 10.6.1. When filling out the survey through the web, the url is something like:
When looking at Chrome developer tools, it seems like the survey123.arcgis.com website is just for the JS and CSS parsing of the form tables, but data submitted through the survey does not go through survey123.arcgis.com, just all through the applyEdits endpoint of the feature service. Is that correct? Is there any documentation regarding Survey123 for the security minded folks in our organization, because having the survey123.arcgis.com website in the URL raises some eyebrows.
Is there any way around having to use a public url to submit the form? Is the only way using one of the native mobile apps or Survey123 connect? We don't work in an entirely disconnected env., but any documentation that speaks to limiting the amount of external traffic when viewing and submitting forms will go a long way with our security folks.
The main issue is, even though data might NOT get passed through survery123.arcgis.com when submitting to ArcGIS Enterprise, we have no control over that, and at some point Esri _could_ decide to capture this data, because we're accessing the form through survey123.arcgis.com.