Disable all /o/api endpoints but one for a User https://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=121251549 2026-04-07T05:36:41Z 2026-04-07T05:36:41Z Javier Gamarra https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=121252157 2021-11-17T18:16:05Z 2021-11-16T22:42:01Z

<p>Yes, it's possible in the settings (that also can be configured with a properties file). It's in the Third Party category and there you can fully disable an API or just specific methods.</p>

Javier Gamarra 2021-11-16T22:42:01Z Juan Miguel Imaz https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=121251548 2021-11-16T17:29:01Z 2021-11-16T14:25:42Z

<p>For security reasons, I want to close all types of external access to the liferay APIs.<br /> But for an external application (react) I want to give it access to certain endpoint.</p> <p>My questions are:<br /> <strong>Is it possible to disable all but one API access?</strong> How (broadly speaking, I'll find out how to do it)?</p> <p>For a certain user:<br /> <strong>I need to open external application access to GET</strong> /o/headless-admin-content/v1.0/sites/xxxxx/structured-contents</p> <p>But I want to close other methods (POST etc) to this endpoint and all other endpoints<br /> <strong>It's possible?</strong></p> <p> </p> <p> <strong>IMPORTANT: I don't need the solution, I just want to know if it's possible</strong></p>

Juan Miguel Imaz 2021-11-16T14:25:42Z