Can we set "internal" variables in the process instance?

Hello
Is there a possibility to set an “internal” variable in the process instance, i.e a variable which cannot be read from the Rest API?
For example I want to set the initiator of the process in a variable, but I do not want someone to be able to read or change this from the rest api

Thanks in advance

Hi @jaxx

Could you explain why you need this? I don't think it's possible to achieve such behavior.

In some cases I would like to set a variable in a script task or in a listener and to use this variable later in the process.
But I do not want someone from outside using the rest api to be able to change this variable.

I’m really not sure if will be able to achieve this with a good approach. However, I’m wondering what’s your scenario in terms of who/what have access to the engine REST API.

The people building the UI for the application (for example the task list) will use the REST API to start or complete tasks or set some variables in the process which are needed for finding the process in the task list or for correlating messages.
However, if the process itself sets some other variables for internal use - e.g variables calculated by some services, which can be used for branching logic later in the process, there is no reason these variables to be visible outside of the process itself (i.e to be visible outside of the code, which is executed on the server).

I think process variables, regardless of the scope they live, are designed to hold information that might be updated at any time by forms or API calls. Maybe here we are talking about information that should be managed by some other architectural component or even in a stateless manner. i.e. stateless external service requests instead of holding the information within processes variables.
But, I might be wrong and there is a way to protect variables that I’m not aware.