If users change specific parameters in the mashup code and want to run the application on the host page, the server responds with HTTP status 403. The browser displays the following message: Unregistered mashup request for channel : <<channel ID>>.

When you implement a web mashup, the system authenticates the HTTP request before streaming back the application that is displayed in the Pega gadget on an external web page. If users modify any of the parameters that the system validates, the system detects access violation and displays the error page.

If the pyBlockUnregisteredRequests when rule is set to true, and the system receives an HTTP request with the isWebMashup=true parameter and a valid ChannelID parameter, the system validates the parameters for the mashup channel in the following order:

1. pyActionNameWhen
2. pyActivity (which you set to @baseclass.doUIAction for all the mashup actions, except for the openWorkByURL action)
3. pyHasDynamicParams
   • If the mashup is configured with pyHasDynamicParams=true, the system does not validate action parameters or custom parameters.
   • If the mahsup is configured with pyHasDynamicParams=false, the system validates the corresponding action parameters. If the mashup contains custom parameters, the system validates also the custom parameter key and value that are configured in the mashup channel.

     If you modify any of the action or custom parameters, the system displays an error message.

The system validates the following properties in the mashup channel against the HTTP request parameters received for the corresponding action:

1. Restore the mashup configuration:
   • If you have the original values of the parameters that the system validates, restore the original parameter values.
   • If you do not remember the original values of the parameters that the system validates, regenerate and redeploy the mashup code. For more information, see Creating a mashup.