Last Updated: July 12, 2018
·
117
· wjgilmore

Restricting API Interaction Using DreamFactory Roles

One of the first things I do after generating a new REST API using DreamFactory is lock down access using a role. This is done by first creating a new service access definition within the Roles tab. For instance, in the following screenshot I'm creating a new role which restricts the role's API access capabilities to solely the service named mysql. Furthermore, I've only allowed GET requests to be handled by the API; POST, PUT, PATCH, and DELETE requests will be ignored.

roles.png