In an API object, you can assign a different security profile to each defined method. This lets you authorize each method separately, with an individual permission generated for each one, and add a general permission that controls all the methods of the object.
To achieve authorization by method in an API object, permissions are generated as follows.
First, set the Enable Integrated Security property to True and the Integrated Security Level property to "Authorization". Then you can choose between:
- Generating permissions by method
- Generating Full Control permissions
These permissions are automatically generated by GeneXus when pressing F5. They can also be checked at runtime and managed programmatically using the SecurityPermission annotation. For more information, see GAM - Permissions.
In addition, you can use the SecurityLevel annotation to change the security level required for a method.
Individual permissions are generated for each method by combining the Permission Prefix property with the method name.
For example, for the CustomerInfo method defined in APICustomer (see HowTo: Define an API object with a security scheme), the APICustomer_Service_CustomerInfo permission is generated.
In addition to the per-method permissions, there is a general permission that allows all methods of the object to be executed. It is created using the Permission Prefix property, followed by _Service_FullControl.
For the APICustomer object of the same example, which defines the CustomerInfo method, the APICustomer_Service_FullControl permission is generated; it grants access to all operations of the object.
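The following is an added example, not GeneXus or GAM code: a small Python least-privilege review over a role-to-permission listing, showing which methods each role can effectively execute once the Full Control permission is taken into account. The role names, the CustomerUpdate, CustomerDelete and CustomerList methods, and the listing itself are constructed for illustration; the `_Service_` separator is taken from the permission names shown above.

```python
# Added example: models the permission names described on this page.
SEP = "_Service_"  # as seen in APICustomer_Service_CustomerInfo

def method_permission(prefix, method):
    """Per-method permission: Permission Prefix + _Service_ + method name."""
    return f"{prefix}{SEP}{method}"

def full_control_permission(prefix):
    """General permission that allows every method of the object."""
    return f"{prefix}{SEP}FullControl"

def audit_role(prefix, methods, granted):
    """Report what a role's grants mean for one API object."""
    granted = set(granted)
    full = full_control_permission(prefix)
    per_method = {method_permission(prefix, m): m for m in methods}
    has_full = full in granted
    ours = {p for p in granted if p.startswith(prefix + SEP)}
    return {
        "full_control": has_full,
        # Full Control makes every method executable, whatever else is granted.
        "allowed": sorted(methods) if has_full
                   else sorted(per_method[p] for p in ours if p in per_method),
        # Per-method grants that add nothing because Full Control is present.
        "redundant": sorted(p for p in ours if has_full and p in per_method),
        # Grants that match no current method (e.g. left over after a rename).
        "unknown": sorted(p for p in ours if p != full and p not in per_method),
    }

# Constructed sample data (hypothetical roles and extra methods).
PREFIX = "APICustomer"
METHODS = ["CustomerInfo", "CustomerUpdate", "CustomerDelete"]
ROLES = {
    "Support": ["APICustomer_Service_CustomerInfo"],
    "Integration": ["APICustomer_Service_FullControl",
                    "APICustomer_Service_CustomerInfo"],
    "Legacy": ["APICustomer_Service_CustomerList"],
}

def audit_all():
    return {role: audit_role(PREFIX, METHODS, perms) for role, perms in ROLES.items()}

if __name__ == "__main__":
    for role, report in audit_all().items():
        print(role, report)
```

Roles reported with `full_control` set are the ones to review first, since per-method restrictions do not limit them.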
This feature is available since GeneXus 18 Upgrade 6.