REST API Security Improvements

We have implemented new security controls to the Sorry™ REST API to protect status pages further.

The API now checks the roles a team member is assigned and then grants the appropriate permission on a given action on an API endpoint.

If the team member does not have the role or permission, they will receive a "403 Forbidden" message.

Example tasks and associated roles:

  1. Creating a new notice: Team members with the 'Publishing' role can use the notices API endpoint to create notices impacting components within the access list. If a team member is not permitted to post against specific components, they cannot make the notice.
  2. Adding or removing components: Team members with the 'Configuration' role can use the components API endpoint to create a new or remove a component.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us