跳转至

Currently supported features(当前支持的功能)

You can call a limited set of ontology operations from a Public Application. While the currently supported set of operations is intentionally small, the list of supported operations will expand as broader observability and rate-limit controls are released.

Supported operations

The following ontology operations are callable from a Public Application:

Operation Description Restrictions
Get Ontology full metadata Retrieves the full metadata of the ontology, including object types, link types, action types, queries, and interfaces. None.
Load Ontology metadata Retrieves the metadata for a specific subset of the ontology specified in the request body. None.
Apply Action Applies an action with the provided parameters and writes the result to the ontology. Function-backed actions are blocked. Neither batch action application nor webhooks are supported.
Load Object Set Loads ontology objects from a provided object set definition. Supports loading many objects, a single object by primary key, and a linked object. SearchAround, FilteredObjectSets, and orderBy clauses are not supported.

Not currently supported

The following features are explicitly not callable from a Public Application:

  • All function executions, including queries, function-backed actions, and function-backed batch actions.
  • Aggregations and search, including searchObjects and aggregateObjects.
  • Complex search-arounds and derived properties.
  • Interfaces in your ontology.
  • Attachments, both upload and download.
  • Media, both upload and download.
  • Time series streaming endpoints, including streamAllPoints and streamValues.

Additionally, you cannot call any non-ontology platform APIs, such as those used for platform administration, model creation, schedule orchestration, or chatbot interactions, from a Public Application.

Why these limits exist

Every endpoint a Public Application exposes is reachable by anyone who meets the application's ingress policies, which can be as broad as the open internet. The supported set is restricted to operations whose cost is bounded and whose data shape is predictable, ensuring abuse on the public surface cannot cause unbounded compute spend or exfiltrate unintended data.

Function-driven workflows are excluded for the same reason: a malicious user could construct expensive queries against your enrollment's compute resources. If your workflow requires heavier processing on data submitted through a Public Application, perform that processing asynchronously inside Foundry. As an example, you can configure a non-function-backed action to write the submission, then use Automate to react to the new objects on a controlled cadence.

Exceptions and future development

If your workflow depends on operations outside the supported set, contact Palantir Support. Exceptions are evaluated case by case, and any exception still requires use case approval from an Information Security Officer in your enrollment before enablement. The supported set will grow as the platform releases:

  • Per-application compute observability to detect abuse early.
  • Stronger rate-limiting controls beyond the current per-application limits.

The roadmap is intentionally conservative: a Public Application is the first place an enrollment's data and compute can be reached without a Foundry account, so the platform only enables additional functionality when the protections necessary to keep that surface safe are in place.


中文翻译

当前支持的功能

您可以从公共应用中调用有限的本体论(Ontology)操作集。虽然当前支持的操作集有意保持较小规模,但随着更广泛的可观测性和速率限制(Rate-limit)控制的发布,支持的操作列表将逐步扩展。

支持的操作

以下本体论(Ontology)操作可从公共应用(Public Application)中调用:

操作 描述 限制
获取本体完整元数据 检索本体的完整元数据,包括对象类型、链接类型、操作类型、查询和接口。 无。
加载本体元数据 检索请求体中指定的本体特定子集的元数据。 无。
应用操作 使用提供的参数应用操作,并将结果写入本体。 函数支持的操作(Function-backed actions)被阻止。不支持批量操作应用和Webhook。
加载对象集 从提供的对象集定义中加载本体对象。支持加载多个对象、通过主键加载单个对象以及加载链接对象。 不支持SearchAroundFilteredObjectSetsorderBy子句。

当前不支持的功能

以下功能明确不可从公共应用(Public Application)中调用:

  • 所有函数执行,包括查询、函数支持的操作和函数支持的批量操作。
  • 聚合和搜索,包括searchObjectsaggregateObjects
  • 复杂搜索和派生属性
  • 本体中的接口。
  • 附件,包括上传和下载。
  • 媒体文件,包括上传和下载。
  • 时间序列流式端点,包括streamAllPointsstreamValues

此外,您无法从公共应用(Public Application)中调用任何非本体的平台API,例如用于平台管理、模型创建、调度编排或聊天机器人交互的API。

这些限制存在的原因

公共应用(Public Application)暴露的每个端点都可以被任何满足应用入口策略(Ingress policies)的人访问,这些策略的范围可以广至开放互联网。支持的操作集仅限于成本可控且数据形状可预测的操作,从而确保公共面上的滥用行为不会导致无限制的计算支出或泄露非预期数据。

函数驱动的工作流被排除在外也是出于同样的原因:恶意用户可能会针对您的注册(Enrollment)计算资源构建昂贵的查询。如果您的工作流需要对通过公共应用(Public Application)提交的数据进行更重的处理,请在Foundry内部异步执行该处理。例如,您可以配置一个非函数支持的操作来写入提交内容,然后使用自动化以受控的频率对新对象做出响应。

例外情况和未来发展

如果您的工作流依赖于支持集之外的操作,请联系Palantir支持。例外情况将逐案评估,任何例外在启用前仍需获得您注册(Enrollment)中信息安全官的用例批准。随着平台发布以下功能,支持集将逐步扩大:

  • 针对每个应用的计算可观测性,以便及早检测滥用行为。
  • 比当前每个应用限制更强的速率限制(Rate-limiting)控制。

路线图有意保持保守:公共应用(Public Application)是无需Foundry账户即可访问注册(Enrollment)数据和计算的第一个场所,因此平台仅在必要的保护措施到位以确保该表面安全时,才会启用额外功能。