How do you allow most devs to GET a resource, but limit who can POST, PUT and DELETE?


How can you make it so that only a few registered applications can post, put and delete a resource, but others can read? Do you have to create different products just to make this distinction between permissions?


So, on resource level you can still use the API Products, although OOTB there is no validation on the HTTP Verb. So hopefully you can distinguish the Verb by having different resources, but that might not be the case, such as:

GET /resources

POST /resource

An interesting solution to this might be this post, which doesn't even seem that much effort to implement:

https://community.apigee.com/articles/2514/how-to-restrict-api-resources-by-their-full-path-a.html
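Since an API Product's resource paths do not see the HTTP verb, the check has to be done in the proxy after the key is verified. The following ProxyEndpoint fragment and RaiseFault policy are an added example, not code from the original post or the linked article: it assumes a VerifyAPIKey policy named VerifyAPIKey, a custom attribute `write_access` set to `true` on the few products allowed to write, and that Apigee exposes that attribute as `verifyapikey.VerifyAPIKey.apiproduct.write_access` (check the VerifyAPIKey flow-variable reference for your Apigee version).

```xml
<!-- ProxyEndpoint: verify the key, then fail closed on any non-read verb
     unless the calling app's product carries write_access=true
     (example only; policy and attribute names are assumptions) -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>VerifyAPIKey</Name>
      </Step>
      <Step>
        <Name>RaiseFault-VerbNotAllowed</Name>
        <!-- GET and HEAD are open to every product; everything else
             (POST, PUT, PATCH, DELETE, ...) needs the explicit flag.
             An unset attribute is "not true", so the default is deny. -->
        <Condition>(request.verb != "GET") and (request.verb != "HEAD") and (verifyapikey.VerifyAPIKey.apiproduct.write_access != "true")</Condition>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <HTTPProxyConnection>
    <BasePath>/v1/resources</BasePath>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

<!-- RaiseFault-VerbNotAllowed: 403 with a short, non-revealing body -->
<RaiseFault name="RaiseFault-VerbNotAllowed">
  <FaultResponse>
    <Set>
      <StatusCode>403</StatusCode>
      <ReasonPhrase>Forbidden</ReasonPhrase>
      <Payload contentType="application/json">{"error":"method not permitted for this API product"}</Payload>
    </Set>
  </FaultResponse>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
```

One product per access level (read-only vs read-write, both listing the same resource paths) is still needed so the attribute can differ, but no per-verb product split is required.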
