RESTApps - Restrictions

REST API

Permit calls

If you check this box, you will be able to call the RestApp. This box is checked by default. Only uncheck it if you want to disable the RestApp for some reason.

Permission

Here you can set up different users/groups to have different permissions to call methods in the RestApp.

By default, logged-in users have GET permissions, meaning that all logged-in users have the right to call GET methods in a RestApp.

HTTP defines a set of request methods to indicate the desired action to be performed for a given resource

• GET - used to retrieve data
• POST - used to send data
• PUT - used to replace data
• DELETE - used to delete data

Cross-origin

Here you can set restrictions for "Cross origin" calls. You can specify the following:

• Do not allow from any domain
• Allow from all domains
• Allow only for specified domains. You can then add allowed domains to a list by clicking on the Add domain link.

Privileged position

An app can declare in its manifest that it wants access to use a Service User in its code. Read more about this at developer.sitevision.se

This also requires that Service Users are set up on the website.

Enable privileged mode

This mode can be used by WebApps/RESTApps to perform permission-controlled operations as a specific service user. Check this box to activate it.

Then select from the service users in the list (those set up on the website are displayed in the list).