Route authorizations
You can define route authorizations (Granted/Not granted) for the API resources and the corresponding methods. Authorizations can be configured for each path segment of the service path (URL) of a resource. For each resource, you can define authorizations that apply to all companies and methods, but you can also define different authorizations per company and per method. Authorizations that are defined for a particular resource can be ‘cascaded’ to the children of that resource. In the authorization of a child resource, you can add additional authorizations, for example to make an exception to the authorization that was inherited from the parent resource.
Example 1
You specify these route authorizations:
- For
/lnapi/odata/tdapi.purPurchaseOrder, you specify that the PATCH method is not granted, and you indicate that this authorization must be cascaded to the child routes. - For the
/lnapi/odata/tdapi.purPurchaseOrder/Orderschild route, you specify that the PATCH method is granted. - You do not specify additional authorizations for the other child routes of
/lnapi/odata/tdapi.purPurchaseOrder.
As a result, the PATCH method is granted for the
/lnapi/odata/tdapi.purPurchaseOrder/Orders child route and not granted
for the other child routes of /lnapi/odata/tdapi.purPurchaseOrder.
Example 2
You specify these route authorizations:
- For
/lnapi/odata/tdapi.purPurchaseOrder, you specify that all methods are granted, and you indicate that this authorization must be cascaded to the child routes. - For the
/lnapi/odata/tdapi.purPurchaseOrder/Addresseschild route, you specify that the PATCH method is not granted. - You do not specify additional authorizations for the other child routes of
/lnapi/odata/tdapi.purPurchaseOrder.
As a result, all methods, except PATCH, are granted for the
/lnapi/odata/tdapi.purPurchaseOrder/Orders child route. For the other
child routes of /lnapi/odata/tdapi.purPurchaseOrder, all methods are
granted.