Configuring API Custom Stored Procedure Security

API custom stored procedure security prevents an API User from using API software such as Swagger or Postman to access custom search queries developed for other API Users.

 

Custom stored procedure security is managed with security entities and roles. The roles are auto-generated for an API User when you enable a stored procedure on the new Proc Access tab of the API User dataform (System Admin > AdvancedAPI Users).

 

This setting controls which stored procedures an API User can call through the API software parameters, as well as what they can see in the Describe response. In the Describe response, users only see the stored procedures assigned to them. If they adjust the parameters to run a stored procedure they do not have access to, the following message displays in the Response Body: "You are not authorized to perform this action."

 

Note: Only Developer users can manage API custom stored procedure security.

To configure API custom stored procedure security:

  1. Go to System Admin > AdvancedAPI Users.

  2. Locate the API User and then click (Open) next to the API User LoginID.

    The API User form opens.

  3. Click the Proc Access tab.

  4. In the Access column, click the checkbox to:

    • Add a check mark to enable the API User's access to one or more custom API stored procedures.

    • Remove a check mark to disable an API User's access to one or more custom API stored procedures.

  5. Click Save or Apply.

    Note: 

    • You can conduct a More search to filter by procedure name or dataform name.

    • When you enable API User access to a custom API stored procedure, a matching role is auto-generated on their User Details record (System Admin > Users).

      You can access it under Roles in the Action Center. If you delete the role here by clicking Remove next to it, access to the API custom stored procedure is removed. You will need to return to the Proc Access tab on the API User record to re-enable the stored procedure if it was removed in error.