Kent Yeabower
Hello all,
I've asked our xMatters admins to allow me REST API access to xMatters, as I just want to read the on-call schedule; however, there was a concern that granting me REST API permission will grant me more permissions than I currently have.
My question is, what role/permission do I need to be able to access the REST API, and will that role/permission grant me extra permissions to edit things inside xMatters?
I tried to research this and per the Roles and Permissions section of the REST API guide, it seemed to imply that anyone could access the REST API and would just be able to see the same things that they can see in the GUI:
The xMatters REST API controls access to features using the same roles and permissions as the xMatters web user interface. If the authenticating user has permission to perform an action or access a particular resource in the web user interface they can use the corresponding endpoints and see the same information in this API.
Hi Kent,
What you state is 100% accurate. Anyone in theory can access the xMatters API, but you can only do or use the endpoints for which you have permission. That is to say - if you can search and find users in xMatters via the Users tab, you can use the GET /api/xm/1/people endpoint to return the same set of users. As a standard user, you won't be able to POST to a user's endpoint and update their data though, as you can't do that via the web UI.
By getting the REST API role (or REST Web Service User role if you will), you get access to ALL the API endpoints, so yes, it gives a great amount of access via the API. As such, there may be things you can do in the UI that you wouldn't normally, so the concern about access is legitimate.
Feel free to post additional questions about this if you have them.
Happy Thursday!
Great! Thank you!