Create REST API access policy

Release version:
Washington DC
Yokohama
Xanadu
Vancouver
UpdatedFeb 1, 2024
3 minutes to read

Washington DC
Platform Security

Create an API access policy and map an authentication profile to restrict the authentication type for a REST API. For example, you can create an API access policy that allows only ID token authentication for a REST API.

Before you begin

Role required: admin
Make sure that an authentication profile is created. For more information, see Create an authentication profile.

Procedure

Navigate to All > System Web Services > REST API Access Policies.
Click New.

On the form, fill in the fields.

Search:

Table 1. API Access Policies
Field	Description
Name	Unique name of the API access policy.
Active	Option to make the API access policy active.
REST API	The REST API to which the access policy is applied. For example, Attachment API.
REST API PATH	API path of the REST API. This field is auto-populated based on the selected REST API. For example, now/attachment.
HTTP Method	Method used for interacting with the API. This field is auto-populated based on the selected REST API.
Version	Version of the API. For example, v1. This field is auto-populated based on the selected REST API. Note: If you want to create an authentication policy for all versions of a REST API, you must create individual policies for each version.
Resource	Child resource of the REST API. This field is auto-populated based on the selected REST API. For example, /now/attachment
Application	Scope of the application.
Global	Enable to apply auth policy to all methods, versions, and resources for the API.
Apply to all methods	Enable to apply auth policy for the API to all the methods, versions, and resources for the API.
Apply to all resources	Enable to apply auth policy for the API to all the versions.
Apply to all versions	Enable to apply auth policy for the API to all the resources.

Note: To understand more about the API access policy prioritization, see API access policy prioritization.

Double-click Insert a new row.
Select an inbound authentication profile from the list and click the save icon .
For example, you can add Basic Auth, ID Token, Certificate based Auth, OAuth or WSSE Auth.
1. To add one or more inbound authentication profiles, click New to create a new profile.
2. Choose What Kind of authentication profiles?.
  - Create standard http authentication profiles
  - Create WSSE authentication profiles
3. After creating the authentication profile, save the record.
Click Submit to submit the REST API access policy.

Was this topic helpful?

Yes No

Washington DC Platform security

Filters

Versions

Products

Create REST API access policy

Table of contents

Create REST API access policy

Log in to get a better experience

Please let us know how to improve this content

Save as PDF

Please let us know how to improve this content