Appian restricts connections to the data service's HTTP endpoints by authenticating requests with a security token. Unauthenticated requests could be made after an unauthorized network intrusion or by a security application that scans the HTTP endpoints. When a unique security token is used, only trusted systems are permitted to make calls to the data service.
The security token must be set by the administrator during the Appian installation or upgrade.
To properly set the token, a data-server-sec.properties file must be created in both the <APPIAN_HOME>/conf and <APPIAN_HOME>/data-server/conf directories for each node in the Appian installation. For each data-server-sec.properties file that was created, the dataserver.password property must be set to the same value across each node where the application server or data service is installed.
Caution: Registering an environment with the configure script creates a data-server-sec.properties file with a unique dataserver.password property value. For a distributed installation of Appian, this script must be run on each node of the distributed environment and so the generated dataserver.password property value will be distinct on each node.
Make sure to update the dataserver.password property value to be the same value on each node so that the dataserver.password is consistent across the distributed environment. If this is not done, the data service will not be able to start and the application server will not be able to connect to the data service.
