Security
RestAPI.com provides comprehensive security features to protect your data and control access at multiple levels.
Overview
Security in RestAPI.com is built on three core concepts:
| Concept | Description |
|---|---|
| Roles | Named groups that users belong to |
| Access Rules | Define which roles can perform which operations |
| Security Policies | Control access based on data relationships |
Built-in Roles
Every API includes these system roles:
| Role | Description |
|---|---|
| _EVERYONE | Public access — anyone can access, no authentication required |
| _AUTHENTICATED_USER | Any authenticated user can access |
| _CREATOR | Only the creator of a record can access it |
How Access Control Works
Access is evaluated at multiple levels:
Request → Authentication → Role Check → Security Policy → Data
- Authentication — Is the user authenticated? (required for most operations)
- Role Check — Does the user have a role that permits this operation?
- Security Policy — Does the user have access through data relationships?
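
The evaluation order described above, as an added illustrative model in Python; it is not RestAPI.com's implementation or API. The rule map, the `teams` attribute, the `same_team` policy and the way `_CREATOR` is derived from a `created_by` field are assumptions made for the example.

```python
from dataclasses import dataclass, field

EVERYONE, AUTHENTICATED, CREATOR = "_EVERYONE", "_AUTHENTICATED_USER", "_CREATOR"

@dataclass
class User:
    id: str
    roles: set = field(default_factory=set)   # custom roles, e.g. {"editor"}
    teams: set = field(default_factory=set)   # constructed attribute used by the sample policy

def evaluate(user, method, record, rules, policy=None):
    """Return (allowed, stage): stage is where the request was denied, or "data"."""
    permitted = rules.get(method, set())       # no rule for the method: nothing is permitted
    # 1. Authentication: anonymous callers only pass when the operation is public.
    if user is None and EVERYONE not in permitted:
        return False, "authentication"
    # 2. Role check: collect the roles the caller holds for this record.
    held = {EVERYONE}
    if user is not None:
        held |= {AUTHENTICATED} | user.roles
        if record.get("created_by") == user.id:
            held.add(CREATOR)                  # assumption: _CREATOR is derived per record
    if not held & permitted:
        return False, "role_check"
    # 3. Security policy: relationship check between the caller and the record.
    if policy is not None and not policy(user, record):
        return False, "security_policy"
    return True, "data"

# Constructed sample configuration and data (hypothetical, for illustration only).
RULES = {"GET": {EVERYONE}, "POST": {AUTHENTICATED}, "PUT": {CREATOR, "editor"}}
RECORD = {"id": 1, "created_by": "alice", "team": "blue"}

def same_team(user, record):
    """Hypothetical relationship policy: caller must belong to the record's team."""
    return user is not None and record["team"] in user.teams

if __name__ == "__main__":
    alice = User("alice", teams={"blue"})
    carol = User("carol", roles={"editor"}, teams={"red"})
    cases = [(None, "GET"), (None, "POST"), (alice, "PUT"), (carol, "PUT"), (alice, "DELETE")]
    for who, method in cases:
        name = who.id if who else "anonymous"
        pol = same_team if method == "PUT" else None
        print(name, method, evaluate(who, method, RECORD, RULES, pol))
```

In this model a method with no rule denies every caller, and a caller who passes the role check can still be stopped by the relationship policy.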
Sections
- Roles — Create and manage custom roles
- Access Rules — Configure method-level permissions
- Security Policies — Row-level security through relationships