Home » Support » Community Server » Community Server 2007 » Customer Questions » What permissions are required to acess the REST API?

What permissions are required to acess the REST API?

Open Support Ticket

Call Support:
Direct: (214) 420-1337
Toll Free: (877) 522-6334

Monday through Friday
8 a.m. to 6 p.m. Central (GMT-6)

Join our Community
Details
  • 1 Reply
  • 1 Subscriber
  • Postedover 3 years ago
Options

What permissions are required to acess the REST API?

This question is answered
Gavin Cope
Posted by
on Thu, Nov 19 2009 12:49 AM

I'm doing some POC work around client-side widgets that access data inside Community Server using the REST APIs. I'd like to know what is the minimum level requirements in terms of permissions on a role/user for that user to be able to read information using the REST APIs. We'd preferably like to allow only read access (e.g. display a list of forums) and deny write access (e.g. create a new forum thread) if possible.

Thanks in advance.

Gavin

AJAX permissions
Verified Answer
  • DanBartels
    Posted by
    on Thu, Nov 19 2009 8:37 AM
    Verified Answer
    Verified by

    The REST api must be enabled on your site, you then choose which "roles" have access to use the rest API..  The API itself leverages a users permissions, as such a user can do anything via the api that they could do on your site.

    If you had a non user specific permission set in mind...  IE like the same stuff that the anonymous user could read on your site, you could create a specific user to use for rest, give only that user an APIKey which would be embedded in your application, and deny that user write permission to your site...  Doing this would have all the "Rest Widgets" logging in as this specific user, which did not have post permissions.

    Dan
All Replies
  • DanBartels
    Posted by
    on Thu, Nov 19 2009 8:37 AM
    Verified Answer
    Verified by

    The REST api must be enabled on your site, you then choose which "roles" have access to use the rest API..  The API itself leverages a users permissions, as such a user can do anything via the api that they could do on your site.

    If you had a non user specific permission set in mind...  IE like the same stuff that the anonymous user could read on your site, you could create a specific user to use for rest, give only that user an APIKey which would be embedded in your application, and deny that user write permission to your site...  Doing this would have all the "Rest Widgets" logging in as this specific user, which did not have post permissions.

    Dan