Endpoint access
Endpoint access is defined by API roles. An API role is a list of endpoints, operations, and fields that are available to a set of callers when triggering Cloud API calls. For example, API roles determine the following:
- What endpoints and resource types are available to the
caller?
- For example, can a given caller access the
/activities
endpoint?
- For example, can a given caller access the
- What methods can a caller call on the available endpoint?
- For example, can a caller execute both a GET and a POST on the
/activities
endpoint?
- For example, can a caller execute both a GET and a POST on the
- What fields can the caller specify in a request payload or get in a response payload?
- For example, can a caller include the
priority
field in a POST/activities
or retrieve theassignedUser
in a GET/activities
?
- For example, can a caller include the
Note: PolicyCenter includes an "unrestricted user". This user
behaves as if it has all permissions. (In the base configuration, the unrestricted user is
su
.) The unrestricted user is not bound by endpoint access. Any
authenticated call from the unrestricted user automatically have access to all
endpoints.