REST API - permission to access endpoint?
Is it a good practice to add permission to access endpoint?
For example
POST /permissions {method: "GET", resource: {href: "^/users/(\d+)$"}}
-> {href: "/permissions/12345", id: 12345}
POST /roles/123/rolePermissions {permission: {id: 12345}}
and after this check the permission with the given pattern...
If this is not okay, then what are the best practices?
No comments:
Post a Comment