Enforce and test access controls

Enforce existing access controls and require additional access to modify data.

In addition to requiring authentication to access the API, require authorization to access data. Use the GlideRecordSecure API in your Scripted REST API scripts. This API ensures that access controls defined on the underlying data are applied for the requesting user.

Require additional access controls for operations that modify data. Requests such as PUT, POST, and DELETE should require a higher level of access than GET. Configure these API resources to require a more strict ACL.

Test your access controls, both authentication and authorization, before releasing the API.