Requests to scripted REST APIs respect platform ACLs, and the requesting user must meet any table ACL requirements to access instance data. Additionally, you can configure the scripted REST API to require a specific ACL.

Before you begin

Role required: web_service_admin

About this task

The ACLs selected in this task apply to all API endpoints.

Procedure

  1. Navigate to All > System Web Services > Scripted REST APIs.
  2. Select a scripted REST API.
  3. In the Default ACLs field, select one or more ACLs that meet the security needs for the API. Select only those ACLs that have a Type of REST_Endpoint.
    A requesting user must satisfy at least one of the selected ACLs. It is not necessary to satisfy all selected ACLs.
  4. Click Update.

What to do next

You can override the API security settings for each individual API resource/endpoint. For details, see Configure a scripted REST API resource to require an ACL.