Public and Trusted Methods
  • 21 Mar 2024

The "protection" property in pronghorn.json

To support public or trusted methods, a developer must set the protection key at the root level of the method definition in pronghorn.json. Itential supports two values for this key, and either one overrides the default role-based authorization. Both values are explained below.

The first value is public, which allows anyone, whether or not they are an IAP user, to access the route. This value is the least secure option and should only be used for data that is deemed acceptable for public exposure.

The second value is trusted, which allows anyone who is logged in to IAP to access the route, regardless of groups or roles. This value is helpful for common methods that are used by all users and have no specific authorization controls. For example, the GET /whoami route within IAP is required for all users, as it allows them to see information about themselves. This value is more secure than "public"; however, it should be used sparingly because it bypasses the roles used within IAP.

⚠ When overriding the protection key in IAP 2023.1 and 2023.2, you must NOT have any roles defined on the method. Those roles will no longer be useful, and they would only add confusion about which authorization scheme is required. By default, role-based authorization is used if the protection property is not set.

Example Configuration

The following shows the protection property set to "authenticated".

{
  "name": "exampleMethod",
  "summary": "Example method",
  "description": "Example method",
  "roles": [],
  "route": {
    "path": "/method",
    "verb": "GET"
  },
  "input": [],
  "output": {
    "name": "method",
    "type": "object",
    "schema": {
      "title": "method",
      "type": "object"
    }
  },
  "protection": "authenticated"
}
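
The rules above can be checked mechanically before a pronghorn.json change is merged. The following is an added example, not Itential code: it lists every method that overrides role-based authorization, flags overrides that still carry roles, and flags values other than the two described on this page. It assumes methods sit in a top-level "methods" array; the function name and sample data are hypothetical.

```javascript
// Added example (not Itential code): audit "protection" overrides in pronghorn.json.
// Assumption: method definitions live in a top-level "methods" array.
const DOCUMENTED = new Set(["public", "trusted"]); // the two values this page describes

function auditProtection(pronghorn) {
  const findings = [];
  const report = (m, level, message) => {
    const route = m.route ? `${m.route.verb} ${m.route.path}` : "(no route)";
    findings.push({ method: m.name, route, level, message });
  };
  for (const m of pronghorn.methods || []) {
    // No override: the default role-based authorization applies.
    if (!Object.prototype.hasOwnProperty.call(m, "protection")) continue;
    if (!DOCUMENTED.has(m.protection)) {
      report(m, "error", `protection ${JSON.stringify(m.protection)} is not "public" or "trusted"`);
      continue;
    }
    // Per the warning above, an overridden method must not also define roles.
    if (Array.isArray(m.roles) && m.roles.length > 0) {
      report(m, "error", `roles [${m.roles.join(", ")}] defined alongside a protection override`);
    }
    if (m.protection === "public") {
      report(m, "review", "reachable without an IAP login; confirm the data is fit for public exposure");
    } else {
      report(m, "info", "reachable by any logged-in IAP user regardless of groups or roles");
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real application.
const sample = {
  methods: [
    { name: "getStatus", roles: [], route: { path: "/status", verb: "GET" }, protection: "public" },
    { name: "whoami", roles: ["admin"], route: { path: "/whoami", verb: "GET" }, protection: "trusted" },
    { name: "deleteJob", roles: ["admin"], route: { path: "/jobs/:id", verb: "DELETE" } },
    { name: "listJobs", roles: [], route: { path: "/jobs", verb: "GET" }, protection: "trustd" },
  ],
};

for (const f of auditProtection(sample)) {
  console.log(`[${f.level}] ${f.method} ${f.route}: ${f.message}`);
}
```

Treating "error" findings as a failed check and "review" findings as requiring sign-off keeps new public routes from shipping unnoticed.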
