Create REST API access policy

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • Create an API access policy and map an authentication profile to restrict the authentication type for a REST API. For example, you can create an API access policy that allows only ID token authentication for a REST API.

    Before you begin

    Make sure that an authentication profile is created. For more information, see Create an authentication profile.

    Role required: api_service_admin, adaptive_auth_policy_admin

    Procedure

    1. Navigate to All > System Web Services > REST API Access Policies.
    2. Select New.
    3. On the form, fill in the mandatory fields and submit.
      API access policy fields
      Note:
      You must reopen the submitted form to populate additional fields.
      Table 1. API Access Policies
      | Field | Description |
      | --- | --- |
      | Name | Unique name of the API access policy. |
      | Active | Option to make the API access policy active. |
      | REST API | The REST API to which the access policy is applied. For example, Attachment API. |
      | REST API PATH | API path of the REST API. This field is auto-populated based on the selected REST API. For example, now/attachment. |
      | HTTP Method | Method used for interacting with the API. This field is auto-populated based on the selected REST API. |
      | Version | Version of the API. For example, v1. This field is auto-populated based on the selected REST API. Note: If you want to create an authentication policy for all versions of a REST API, you must create individual policies for each version. |
      | Resource | Child resource of the REST API. This field is auto-populated based on the selected REST API. For example, /now/attachment. |
      | Table | The tables to which the API access policy applies. This option only applies to policies for the Table API. |
      | Application | Scope of the application. |
      | Global | Option to apply the policy to all methods, versions, and resources for the API. |
      | Apply to all methods | Option to apply the policy to all the methods, versions, and resources for the API. |
      | Apply to all resources | Option to apply the policy to all of the API resources. |
      | Apply to all versions | Option to apply the policy to all of the API versions. |
      | Apply to all tables | Option to apply the policy to all tables. This option only applies to policies for the Table API. |
      | Advertise all auth schemes | Determines whether the WWW-Authenticate header includes all configured authentication schemes. When set to false (default), the header includes only the most recently configured authentication profile in the policy. When set to true, the header lists all configured authentication schemes. |
      Note:
      To understand more about the API access policy prioritization, see API access policy prioritization.
    4. Double-click Insert a new row.
    5. Select an inbound authentication profile from the list and select the save icon.
      For example, you can add Basic Auth, ID Token, Certificate based Auth, OAuth or WSSE Auth.
      1. To add one or more inbound authentication profiles, select New to create a new profile.
      2. Choose an option under What Kind of authentication profiles?
        • Create standard http authentication profiles
        • Create WSSE authentication profiles
        • Create API Key authentication profiles
        • Create HMAC authentication profiles
        Authentication profile
      3. After creating the authentication profile, save the record.
    6. Select Submit to submit the REST API access policy.
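    The Advertise all auth schemes field changes what an unauthenticated client sees in the WWW-Authenticate header, so after submitting the policy it is worth checking that the header matches what the policy intends. The following is an added example, not ServiceNow code: it parses WWW-Authenticate values (RFC 9110 challenge syntax) and compares the advertised schemes with the intended ones. The header values, the realm, and the scheme tokens `Basic` and `Bearer` are constructed assumptions; the page does not state which tokens an instance emits for each profile type.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param: name = token | quoted-string (RFC 9110, section 11.2)
PARAM = re.compile(rf'({TOKEN})\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]*))')
SCHEME = re.compile(rf"({TOKEN})(?:\s+(.+))?", re.S)

def split_list(value):
    """Split a header value on commas that are outside quoted strings."""
    items, buf, quoted, escaped = [], "", False, False
    for ch in value:
        if ch == "," and not quoted:
            items.append(buf.strip())
            buf = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = quoted and ch == "\\" and not escaped
        buf += ch
    items.append(buf.strip())
    return [i for i in items if i]

def parse_www_authenticate(value):
    """Return [(scheme, params)] for one WWW-Authenticate header value."""
    challenges = []
    for item in split_list(value):
        param = PARAM.fullmatch(item)
        if not (param and challenges):       # not a continuation: new challenge
            start = SCHEME.fullmatch(item)
            if not start:
                continue                     # malformed element, ignore it
            challenges.append((start.group(1), {}))
            param = PARAM.fullmatch(start.group(2) or "")
        if param:
            name, quoted, bare = param.groups()
            text = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
            challenges[-1][1][name.lower()] = text
    return challenges

def audit_advertised_schemes(header_values, intended):
    """Compare the schemes a 401 advertises with the ones the policy intends."""
    seen = {s.lower() for v in header_values for s, _ in parse_www_authenticate(v)}
    intended = {s.lower() for s in intended}
    return {"advertised": sorted(seen), "unexpected": sorted(seen - intended),
            "not_advertised": sorted(intended - seen)}

# Constructed header values (not captured from a real instance).
ONLY_LATEST = ['Bearer realm="example-instance", error="invalid_token"']
ALL_SCHEMES = ['Basic realm="example, instance", Bearer realm="example-instance"']
```

    Pass the WWW-Authenticate values from a 401 response of the protected API as `header_values`; a non-empty `unexpected` list means the API advertises a scheme the policy was not meant to allow.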