Consider the following API request:

GET www.examples.org/api/webaccounts

The user making the request will only see their own web account listed. For example, if I am authenticated as the test user when making the request, the response will contain only the test web account in the resource object:

{
   "_embedded":{
      "webaccounts":[
         {
            "name":"Test Account",
            "_links":{
               "self":{
                  "href":"https://www.examples.org/api/webaccounts/test"
               }
            }
         }
      ]
   },
   "_links":{
      "self":{
         "href":"https://www.examples.org/api/webaccounts"
      },
      "apiEntryPoint":{
         "href":"https://www.examples.org/api"
      }
   }
}

This might lead one to ask why the other web accounts aren't listed. The reason is that the SRP HTTP Framework doesn't include a way to authorize one web account as having more permissions than another. Since all web accounts are equal with regard to the Web Accounts API, the API logic prevents one user from accessing another user's web account data.

A developer could extend the built-in authentication (web account) framework to support simple or complex authorization on top of this default.
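To make the two points above concrete, here is an added Python model of the behaviour described for GET /webaccounts and of the kind of extension the last paragraph suggests. It is illustrative code written for this page, not the SRP HTTP Framework's own implementation; the account store, the `roles` parameter and the "admin" role are assumptions. The default path returns only the caller's own account (the framework's behaviour as the page describes it), and a request for another user's account is answered with 404 rather than 403 so the response does not confirm that the other account exists.

```python
import json

BASE_URL = "https://www.examples.org/api"

# Constructed sample account store (not from the page): account id -> record.
WEB_ACCOUNTS = {
    "test": {"name": "Test Account"},
    "alice": {"name": "Alice Account"},
    "bob": {"name": "Bob Account"},
}


def visible_accounts(user, roles=None):
    """Which account ids may `user` see?

    The framework default, per the page: every web account is equal, so a
    user sees only their own. The `roles`/"admin" check below is a
    hypothetical extension of the kind the page says a developer could add.
    """
    roles = roles or set()
    if "admin" in roles:  # assumed extension: an admin role sees every account
        return sorted(WEB_ACCOUNTS)
    return [user] if user in WEB_ACCOUNTS else []


def account_resource(account_id):
    """HAL representation of one web account, with its self link."""
    record = WEB_ACCOUNTS[account_id]
    return {
        "name": record["name"],
        "_links": {"self": {"href": f"{BASE_URL}/webaccounts/{account_id}"}},
    }


def get_webaccounts(user, roles=None):
    """GET /api/webaccounts: HAL collection filtered to what `user` may see."""
    embedded = [account_resource(a) for a in visible_accounts(user, roles)]
    body = {
        "_embedded": {"webaccounts": embedded},
        "_links": {
            "self": {"href": f"{BASE_URL}/webaccounts"},
            "apiEntryPoint": {"href": BASE_URL},
        },
    }
    return 200, body


def get_webaccount(user, account_id, roles=None):
    """GET /api/webaccounts/{id}: the authorization check runs on the
    single-resource route too, so a user cannot read another account's
    data by guessing its id. 404 is returned instead of 403 so the
    response does not reveal whether the account exists."""
    if account_id not in visible_accounts(user, roles):
        return 404, {"error": "not found"}
    return 200, account_resource(account_id)


if __name__ == "__main__":
    status, body = get_webaccounts("test")
    print(status, json.dumps(body, indent=2))
```

Note that the filter lives in one place, `visible_accounts`, and both the collection route and the single-resource route go through it; an authorization model that is applied only to the list endpoint leaves the direct `/webaccounts/{id}` path unprotected.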