Does the security on the REST API work the same as the user interface? 
search cancel

Does the security on the REST API work the same as the user interface? 

book

Article ID: 261435

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Does the security on the API work the same as the user interface?  i.e.  A user can only see those projects where he has the rights to see and or read/update?  

Environment

Release : 16.0.3, 16.1, 16.1.1

Resolution

Clarity Access Rights also control what the user can do over the REST API

If the user tries to pull back / GET something they do not have View access rights to or if they try to update (PATCH/POST) something they do not have Edit access to, they will get this error

    "httpStatus""401",
    "errorMessage""API-1007 : You are not authorized to process request. Contact your system administrator for necessary security rights.",
    "errorCode""api.unauthorized"