Disable all /o/api endpoints but one for a User

Message Boards

Juan Miguel Imaz, modified 2 Years ago.

Disable all /o/api endpoints but one for a User

New Member Posts: 7 Join Date: 4/30/14 Recent Posts

For security reasons, I want to close all types of external access to the liferay APIs.
But for an external application (react) I want to give it access to certain endpoint.

My questions are:
Is it possible to disable all but one API access? How (broadly speaking, I'll find out how to do it)?

For a certain user:
I need to open external application access to GET /o/headless-admin-content/v1.0/sites/xxxxx/structured-contents

But I want to close other methods (POST etc) to this endpoint and all other endpoints
It's possible?

IMPORTANT: I don't need the solution, I just want to know if it's possible

Javier Gamarra, modified 2 Years ago.

RE: Disable all /o/api endpoints but one for a User (Answer)

Expert Posts: 348 Join Date: 2/12/15 Recent Posts

Yes, it's possible in the settings (that also can be configured with a properties file). It's in the Third Party category and there you can fully disable an API or just specific methods.