For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI referenceRelease notes
DocumentationAPI referenceRelease notes
  • Platform On-Prem
    • Overview
    • Navigate
    • Search resources
      • Adapter API routes
      • Adapter degraded status
      • Broker principal config setting
      • Enumerations in applications
      • Event system
      • Events
      • Log class
      • Naming conventions
      • Public and trusted methods
      • Run as another user
      • Service brokers
      • Service config property encryption
      • Serving UI directories
      • Table control
  • Apps
    • FlowAI
    • Itential Automation Gateway
  • Resources
    • Itential Academy
    • Version lifecycle
    • Itential MCP
    • Accessibility conformance
    • Get support
    • FAQs
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • The protection property in pronghorn.json
  • Example configuration
Platform On-PremDeveloper guide

Public and trusted methods

Was this page helpful?
Previous

Run as another user

Next
Built with

The protection property in pronghorn.json

To support public or trusted methods, you must set the protection key at the root layer inside a method in pronghorn.json. Itential Platform supports two values for this property, both of which override the default role-based authorization.

The first value is public, which allows anyone — regardless of whether they are an Itential Platform user — to access the route. This is the least secure option and should only be used for data that is acceptable for public exposure.

The second value is trusted, which allows anyone logged into Itential Platform to access the route, regardless of their groups or roles. This is useful for common methods used by all users that do not require specific authorization controls. For example, the GET /whoami route is required for all users, as it allows them to see information about themselves. While more secure than public, trusted should be used sparingly as it bypasses role-based authorization.

When overriding the protection key in the 2023.1 and 2023.2 release versions of Itential Platform, you must not have any roles defined on the method. Those roles will no longer be useful and would only add confusion about which authorization scheme is required. By default, role-based authorization is used if the protection property is not set.

Example configuration

The following shows the protection property set to authenticated:

1{
2  "name": "exampleMethod",
3  "summary": "Example method",
4  "description": "Example method",
5  "roles": [],
6  "route": {
7    "path": "/method",
8    "verb": "GET"
9  },
10  "input": [],
11  "output": {
12    "name": "method",
13    "type": "object",
14    "schema": {
15      "title": "method",
16      "type": "object"
17    }
18  },
19  "protection": "authenticated"
20}