2 Replies Latest reply on Aug 1, 2018 7:14 AM by Hellyson Lima

    REST API - Transaction Restriction

    Hellyson Lima
      Share This:

      Hi member....


      Once configured and enabled REST API, is it possible to restrict some operation? For example:

      • Only enable the GET operation for a list of forms?
      • Only enable the PUT operation for a list of form and just for some fields?
      • Only allow users with a specific permission to connect via REST?
      • Create a basic qualification for some GET operations?


      These are just examples, but we have other situations in our environment.

        • 1. Re: REST API - Transaction Restriction
          LJ LongWing


          The short answer is 'permissions'.  The long answer is no.


          The Rest API doesn't allow you to restrict 'only get' or 'only put on these fields'....The rest API is a rest implementation of the Java API, which allows you to do an astonishingly large amount of things, if you simply know how to use the API....the Rest interface simplifies it so that doing things with data in your Remedy system through API is actually relatively simple....due to the fact that it's little more than an implementation of the Java API....it is simply a way to manipulate data that you have access to manipulate....so, if you want to restrict access to things at the API level, you need to look at permissions and what people have access to do and restrict it at the permission model level....if a user shouldn't have the ability to create records in form X, then they shouldn't have permission to do so...if users shouldn't have access to data in a particular form, then they shouldn't have permissions to do so....


          There are SOOOOO many places in the system where a user has permission to see what's there, that if the average administrator KNEW the users could access it they might flip out....that's not to say that the permission are lax, it's just more than most realize....so....permissions are your friend and need to be applied properly to your system.

          1 of 1 people found this helpful
          • 2. Re: REST API - Transaction Restriction
            Hellyson Lima

            Thanks LJ... although the answer didn't so good for me and my environment, cleared my thoughts


            Here, we have lots of customizations using web services to manipulate Work Orders, and some of then, we restrict some actions, like just list or just modify some fields. Using WS we can do that, but, we need a third party (Mid Tier). I would like to do this using REST API. As isn't possible, I will change some customization to use a thirt form and restrict the permissions in this form.


            Again, very thank