Configure a scripted REST API resource to require an ACL

Yokohama API Reference

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama API Reference

ft:clusterId

crapiref

bundleId

crapiref

workflow

Creator

Configure a scripted REST API resource to require an ACL

Release version: Yokohama

Updated January 30, 2025

1 minute to read

By default, API resources/endpoints inherit security settings from the parent API. Define custom ACLs for a specific resource/endpoint to override the inherited settings.

Before you begin

Role required: web_service_admin or admin

About this task

ACLs are checked for an authenticated user only.

Procedure

Navigate to All > System Web Services > Scripted REST APIs.
Select a scripted REST API.
In the Resources related list, select a resource.
In the Security tab, select the Requires authentication check box.
You must select this check box to require an ACL for the resource. If you clear this check box, the resource becomes public and requires no credentials. Clear this check box only if you want to allow unauthenticated requests to access the resource, even if the parent REST service requires an ACL.
Select the Requires ACL authorization check box.
In the ACL field, select one or more ACLs that meet the security needs for the endpoint.
Select only those ACLs that have a Type of REST_Endpoint. Only users who have roles defined in the selected REST_Endpoint type ACL are granted access to this resource.
Selecting an ACL for a resource overrides any ACLs selected for the parent web service. Leave this field blank to use the ACLs selected for the parent web service.