The API endpoints have automatic permission checking if you provide the policy key and permission type in the setup. You can either use the setPolicy function for the whole service or you can define different policies for each endpoint. You can provide any combination of policy:permission (VIEW, INSERT, UPDATE, DELETE or EXECUTE).

    "name": "InserirCliente", 
    "method": "POST", 
    "path": "/v1/clientes", 
    "policy": "inpaas.app4test.client:INSERT" 
}, function() {  /* source code goes here */ });

You can also define which type of Authorization token is allowed. You can either limit access to logged in users within the application:

RESTService.allowAuthorization([ "WebSession" ]);

Or you can limit access from an integration endpoint using Basic authorization handlers:

RESTService.allowAuthorization([ "Basic", "OAuth2" ]);

Anonymous Access

It is possible to enable anonymous access to a REST Service by checking the 'anonymous' field in the context menu.

Note that even when enabling a REST Service for anonymous access, it is still possible to block access to specific endpoints by setting the 'allowAnon' attribute, using the following syntax:

    "name": "defaultGet", 
    "method": "GET", 
    "path": "/{id}" , 
    "allowAnon": false 
}, ["id", "name", doGet ]);