Different access rules for different endpoints in the same API

Hi Folks,

Suppose I have an API called “User”, and in there is a /session and a /tasks endpoint. Is it possible to have POST /session open (so the user can log in) while at the same time having GET /tasks requiring authorization? Or do we have to create two different definitions that point to the same service?

Thanks.

Hi cajund,

You can use the Ignore plugin in the Endpoint Designer to remove the authorization from the /session endpoint.
https://tyk.io/docs/transform-traffic/endpoint-designer/#plugins

Thanks!
Luan

Thanks, how would you do this programmatically? I’m not using the dashboard to configure my APIs.

You’ll need to add an entry to the ignore_list of the extended_paths section in the definition. It looks like the docs there are sparse; I’ll flag it with the team here.

I think this is ignored in the API Definition (not ignore_list). Should it also be in the white_list? Seems like a yes…

Thanks,
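
An added example, not code from this thread or from Tyk: a small Python helper that edits an API definition so that only POST /session skips authentication, plus a check that lists every route the definition exempts. It assumes the classic Tyk definition layout (`version_data.versions.<name>.extended_paths.ignored`, each entry holding a `path` and `method_actions`); the function names and the sample definition are constructed for illustration, so confirm the field layout against the docs for your gateway version.

```python
import copy
import json

# Constructed sample definition (not from the thread): auth is on for the whole API.
SAMPLE = {
    "name": "User",
    "use_keyless": False,
    "proxy": {"listen_path": "/user/", "target_url": "http://localhost:8080"},
    "version_data": {"not_versioned": True, "versions": {
        "Default": {"name": "Default", "use_extended_paths": True,
                    "extended_paths": {}}}},
}

def ignore_endpoint(api_def, path, methods, version="Default"):
    """Return a copy of api_def where only `methods` on `path` skip auth."""
    out = copy.deepcopy(api_def)
    ver = (out.setdefault("version_data", {})
              .setdefault("versions", {})
              .setdefault(version, {"name": version}))
    ver["use_extended_paths"] = True
    ignored = ver.setdefault("extended_paths", {}).setdefault("ignored", [])
    # Reuse an existing entry for this path so repeated runs do not duplicate it.
    entry = next((e for e in ignored if e.get("path") == path), None)
    if entry is None:
        entry = {"path": path, "method_actions": {}}
        ignored.append(entry)
    for method in methods:
        # "no_action" forwards the request upstream instead of returning a mock reply.
        entry["method_actions"][method.upper()] = {
            "action": "no_action", "code": 200, "data": "", "headers": {}}
    return out

def unauthenticated_routes(api_def):
    """List (version, METHOD, path) for every route exempted from auth."""
    routes = []
    versions = api_def.get("version_data", {}).get("versions", {})
    for name, ver in versions.items():
        for entry in ver.get("extended_paths", {}).get("ignored", []):
            for method in entry.get("method_actions", {}):
                routes.append((name, method, entry["path"]))
    return sorted(routes)

if __name__ == "__main__":
    patched = ignore_endpoint(SAMPLE, "/session", ["POST"])
    print(json.dumps(patched["version_data"], indent=2))
    print(unauthenticated_routes(patched))
```

Running `unauthenticated_routes` over every definition before deployment gives a reviewable list of what is reachable without a token. Check how your gateway version matches ignored paths before relying on the entry covering only /session.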