This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How do you allow most devs to GET a resource, but limit who can POST, PUT and DELETE?

Posted on 07-29-2015 02:11 AM
Not applicable
Reply posted on --/--/---- --:-- AM

How can you make it so that only a few registered applications can post, put and delete a resource, but others can read? Do you have to create different products just to make this distinction between permissions?

Solved Solved
0 1 158
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
guy_hagemans
New Member
Reply posted on --/--/---- --:-- AM

So, on resource level you can still use the API Products. Although OOTB there is no validation on the HTTP Verb. So hopefuly you can distinguish the Verb by having different resources, but that might not be the case, such as;

GET /resources

POST /resource

An interesting solution to this might be this post, which doesn't even seem that much effort to implement:

https://community.apigee.com/articles/2514/how-to-restrict-api-resources-by-their-full-path-a.html

View solution in original post

Jump to Solution
1 REPLY 1
Top Solution Authors
View all