Force usage of sessionId when accessing REST service


Is there a way to force clients of a REST service to use their sessionId to access the REST service? I can currently access this URL without any sessionId.

I did add the Rest service class RESTClass... to the Public Access Settings of the tools Sites -> Apex Class Access.

Apex class methods that are exposed through the Apex REST API don't enforce object permissions and field-level security by default. We recommend that you make use of the appropriate object or field describe result methods to check the current user’s access level on the objects and fields that the Apex REST API method is accessing. See Schema.DescribeSObjectResult and Schema.DescribeFieldResult. - Exposing Data with Apex REST Web Service Methods

Schema.DescribeFieldResult F = Employee__c.Termination_Date__c.getDescribe();

F.isAccessible() returns true if the user is allowed to see this field.

Boy, if we have to do this for all fields, even if we use a utility, that is a pain.


Attribution to: Vijay

Possible Suggestion/Solution #1

The issue is that you would like to authenticate users before allowing access to the web service, but you are exposing the web service with public access. You will need to reduce the security to only internal users.

Attribution to: tannershamrock
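
The two points raised above (rejecting unauthenticated callers and checking field access through describe results) can be combined in one Apex REST method. This is an added example, not code from the original question or answer; the class name EmployeeRest, the URL mapping, the JSON error bodies and the choice of the Name field are assumptions, while Employee__c and Termination_Date__c are the names used in the question.

```apex
// Added example, not from the original post. EmployeeRest and the URL mapping are
// hypothetical; Employee__c and Termination_Date__c are the names used in the question.
@RestResource(urlMapping='/employees/*')
global with sharing class EmployeeRest {

    @HttpGet
    global static void getEmployee() {
        // Site guest users arrive with no session id; refuse them even if the class
        // is later re-added to a Site's Public Access Settings.
        if (UserInfo.getUserType() == 'Guest') {
            reply(401, '{"error":"authentication required"}');
            return;
        }
        // Object-level permission from the describe result.
        if (!Schema.sObjectType.Employee__c.isAccessible()) {
            reply(403, '{"error":"no read access"}');
            return;
        }
        String recordId = RestContext.request.requestURI.substringAfterLast('/');
        if (!(recordId instanceof Id)) {
            reply(400, '{"error":"bad record id"}');
            return;
        }
        // Field-level security: one loop over the describe map instead of a
        // hand-written isAccessible() call per field.
        List<String> readable = new List<String>{ 'Id' };
        Map<String, Schema.SObjectField> fields =
            Schema.sObjectType.Employee__c.fields.getMap();
        for (String wanted : new List<String>{ 'Name', 'Termination_Date__c' }) {
            Schema.SObjectField f = fields.get(wanted);
            if (f != null && f.getDescribe().isAccessible()) {
                readable.add(wanted);
            }
        }
        // Only fields the running user may read are selected; recordId is bound, not concatenated.
        List<Employee__c> rows = Database.query(
            'SELECT ' + String.join(readable, ', ') +
            ' FROM Employee__c WHERE Id = :recordId LIMIT 1');
        reply(rows.isEmpty() ? 404 : 200, JSON.serialize(rows));
    }

    private static void reply(Integer status, String body) {
        RestContext.response.statusCode = status;
        RestContext.response.addHeader('Content-Type', 'application/json');
        RestContext.response.responseBody = Blob.valueOf(body);
    }
}
```

The guest-user check is a backstop only; the class still has to be removed from the Site's Public Access Settings for a session to be required at all.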
This content is remixed from stackoverflow or stackexchange. Please visit
