Disable all /o/api endpoints but one for a User

Jamie Sammons, modified 3 Years ago.

New Member Posts: 7 Join Date: 4/30/14 Recent Posts

For security reasons, I want to close all types of external access to the liferay APIs.
But for an external application (react) I want to give it access to certain endpoint.

My questions are:
Is it possible to disable all but one API access? How (broadly speaking, I'll find out how to do it)?

For a certain user:
I need to open external application access to GET /o/headless-admin-content/v1.0/sites/xxxxx/structured-contents

But I want to close other methods (POST etc) to this endpoint and all other endpoints
It's possible?

IMPORTANT: I don't need the solution, I just want to know if it's possible

Jamie Sammons, modified 3 Years ago.

RE: Disable all /o/api endpoints but one for a User (Answer)

Expert Posts: 348 Join Date: 2/12/15 Recent Posts

Yes, it's possible in the settings (that also can be configured with a properties file). It's in the Third Party category and there you can fully disable an API or just specific methods.

Community

Company

Feedback

Ask Questions and Find Answers

Important:

Ask is now read-only. You can review any existing questions and answers, but not add anything new.

But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:

discuss.liferay.com

Disable all /o/api endpoints but one for a User