These docs are for v20.3.44. Click to read the latest docs for v20.3.186.


REST API Permissions Documentation

Is there any documentation on the permissions applied on the REST API endpoints? Specifically, we've identified a scenario where a user who has authenticated with a refresh_token is able to edit any other record's data via PUT/POST on the Party endpoint, but they don't seem to be able to make GET requests to the User endpoint for any record but their own, or one they could normally access via On Behalf Of. If we could get some clarification on when a given user's iMIS permissions are applied to their behaviors on the REST API side, that would be very useful.

Thanks!