Flows should not be client callable
Impact area
Security
Severity
High
Affected element
Flows
Rule ID
SN-0428
Impact
Making a flow, subflow, or action client callable can lead to security risks as this may expose protected data or bypass validation logic. Flows, subflows, and actions must only be called by the FlowAPI within a server script.
Remediation
Disable the client callable option in the Manage Security view.
Time to fix
10 min