Public and Trusted Methods
Updated on 21 Mar 2024
The "protection" property in pronghorn.json
To support public or trusted methods, a developer must set the protection key at the root level of the method's definition in pronghorn.json.
Itential supports two values for this key; setting either one overrides the default role-based authorization. Both values are explained below.
The first value is public, which allows anyone, whether or not they are an IAP user, to access the route. This value is the least secure option and should only be used for data that is deemed acceptable for public exposure.
The second value is trusted, which allows anyone who is logged into IAP to access the route, regardless of groups or roles. This value is helpful for common methods used by all users that do not have specific authorization controls. For example, the GET /whoami route within IAP is required for all users, as it allows them to see information about themselves. This value is also more secure than “public” methods; however, it should be used sparingly because it bypasses the roles used within IAP.
⚠ When overriding the protection key in IAP 2023.1 and 2023.2, you must NOT have any roles defined on the method. Those roles will no longer be useful, and it would only add confusion around which authorization scheme is required. By default, role-based authorization is used if the protection property is not set.
Example Configuration
The following shows the protection property set to "authenticated".
{
  "name": "exampleMethod",
  "summary": "Example method",
  "description": "Example method",
  "roles": [],
  "route": {
    "path": "/method",
    "verb": "GET"
  },
  "input": [],
  "output": {
    "name": "method",
    "type": "object",
    "schema": {
      "title": "method",
      "type": "object"
    }
  },
  "protection": "authenticated"
}
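Because public and trusted both switch off role checks, it helps to list every method that sets the protection key before an application ships. The script below is an added example, not Itential code: it assumes methods sit in a top-level "methods" array of pronghorn.json (a layout this page does not show), and the sample data is constructed.

```python
import json

# The two values this page documents for the "protection" key.
DOCUMENTED = {
    "public": "no login required; reachable by non-IAP users",
    "trusted": "any logged-in user; groups and roles are bypassed",
}


def audit_methods(pronghorn):
    """Return (method, route, finding) tuples for methods overriding role-based auth."""
    findings = []
    # Assumption: methods are listed in a top-level "methods" array.
    for method in pronghorn.get("methods", []):
        if "protection" not in method:
            continue  # default behaviour: role-based authorization applies
        value = method["protection"]
        route = method.get("route", {})
        where = f'{route.get("verb", "?")} {route.get("path", "?")}'
        name = method.get("name", "<unnamed>")
        note = DOCUMENTED.get(value) if isinstance(value, str) else None
        note = note or "value not documented on this page; review manually"
        findings.append((name, where, f"protection={value!r}: {note}"))
        # The page's warning (IAP 2023.1 / 2023.2): no roles alongside protection.
        if method.get("roles"):
            findings.append((name, where, "roles defined alongside protection; remove the roles"))
    return findings


# Constructed sample input, not taken from a real application.
SAMPLE = json.loads("""
{"methods": [
  {"name": "getStatus", "roles": [],
   "route": {"path": "/status", "verb": "GET"}, "protection": "public"},
  {"name": "whoami", "roles": ["admin"],
   "route": {"path": "/whoami", "verb": "GET"}, "protection": "trusted"},
  {"name": "deleteDevice", "roles": ["admin"],
   "route": {"path": "/device", "verb": "DELETE"}},
  {"name": "listJobs", "roles": [],
   "route": {"path": "/jobs", "verb": "GET"}, "protection": "trustd"}
]}
""")

if __name__ == "__main__":
    for name, where, finding in audit_methods(SAMPLE):
        print(f"{name} [{where}]: {finding}")
```

Each public finding is a route that needs a reviewer to confirm the data is acceptable for public exposure; each trusted finding is a route to check against the "use sparingly" guidance above.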