I've talked to customer support and they are saying that data policy works as expected (it will affect record producers as well).

Do you think it would be possible to approach this using Business Rules? Perhaps a script that checks if session is non interactive then it will set certain fields as mandatroy?

Hi Jim,

That's what I thought. The data policy is universal (not determinant on interactive/non-interactive.

That being said, a business rule could do the check before the record is created to check gs.isInteractive() and recognize whether it is coming from a user or REST API. The BR cannot make a field mandatory, but it can check for null/empty values and throw an error (gs.addErrorMessage()) for unpopulated fields (which is what a mandatory check does anyway.)

Note: You'll want to check this on the portal as well. I believe (but haven't verified) that Service Portal interactions come in via REST.

So I know this thread is 3 years old but I just had the same concern and I solved it using a data policy where the condition was as shown below.  it does however require that the only user accounts using the REST APIs are flagged as web service access only users.  Users coming through the Catalog using a record producer would not be web service only accounts.  At least not in our environment.