Skip to main content

How do I configure security on an API endpoint?

Objective: This article explains how to configure security/permissions on an API endpoint using the platform JWT security keys.

Steps:

  1. Navigate to the desired API endpoint path:
    • modules/<module>/contracts/api/paths/...
  2. Amend the security array.

The format for the security jwt keys is as follows:

<module>:<model>:<permission>

Note: `` is a wildcard.*

Here are some examples:

  • cus:org:a - Admin permission for organisations in the customers module.
  • trd:lis:w - Write permission for listings in the trading module.
  • sys:*:r - Read permission for anything in the system module.
  • log:car:* - Any permission for carriers in the logistics module.

Example:

'/path/to/endpoint': {
  post: {
    ...
    security: [
      {
        jwt: [
            'cus:org:r',
            'cus:org:w'
        ]
      }
    ]
  }
}