Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Allow all API calls except DELETE operation

https://support.nagios.com/forum/viewtopic.php?t=59844

Page 1 of 1

Allow all API calls except DELETE operation

Posted: Wed Aug 26, 2020 11:36 am
by ghosham
Hello,
I am trying to give a set of users the ability to do GET, PUT and POST operations using API. I tested it at my end and it works. Couple of queries around it:
1. Does the API calls only works for resources with Admin privileges? I tried to setup my colleague as an 'User' and he received 'Access Denied' message
2. How to ensure a user have abilities to do GET, PUT and POST, but bar that user from DELETE operation?

Re: Allow all API calls except DELETE operation

Posted: Thu Aug 27, 2020 2:57 pm
by benjaminsmith
Hi,

For user accounts, there will only be to access the objects API endpoint; these are all GET requests. The other API endpoints like System and Config, are admin level functions, so that's why it is restricted to admin accounts.

Hope that answers your questions and let us know if you have more.

Benjamin

Re: Allow all API calls except DELETE operation

Posted: Sat Aug 29, 2020 7:30 am
by ghosham
Thank you for explaining the difference. Please feel free to archive this thread.

Re: Allow all API calls except DELETE operation

Posted: Mon Aug 31, 2020 7:35 am
by scottwilkerson
ghosham wrote:Thank you for explaining the difference. Please feel free to archive this thread.
Great!

Locking thread
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited