Force usage of sessionId when accessing REST service


Is there a way to force clients of a REST service to use their sessionId to access the REST service? I can currently access this URL without any sessionId: https://ddddddd.force.com/services/apexrest/contacts/00sddd5/employees

I did add the Rest service class RESTClass... to the Public Access Settings of the tools Sites -> Apex Class Access.

http://www.salesforce.com/us/developer/docs/apexcode/index_Left.htm#CSHID=apex_rest_code_sample_basic.htm%7CStartTopic=Content%2Fapex_rest_code_sample_basic.htm%7CSkinName=webhelp

Apex class methods that are exposed through the Apex REST API don't enforce object permissions and field-level security by default. We recommend that you make use of the appropriate object or field describe result methods to check the current user’s access level on the objects and fields that the Apex REST API method is accessing. See Schema.DescribeSObjectResult and Schema.DescribeFieldResult. - Exposing Data with Apex REST Web Service Methods

Schema.DescribeFieldResult F = Employee__c.Termination_Date__c.getDescribe();

F.isAccessible() returns true if the user is allowed to see this field.

Boy, if we have to do this for all fields, even if we use a utility, that is a pain.

TIA


Attribution to: Vijay

Possible Suggestion/Solution #1

The issue is that you would like to authenticate users before allowing access to the web service, but you are exposing the web service with public access. You will need to reduce the security to only internal users.


Attribution to: tannershamrock
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/4062
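
The two points raised in this thread (refusing unauthenticated site guests, and checking object and field-level access with describe results) can be combined in one Apex REST handler. The sketch below is an added example, not code from the original posts or from Salesforce; the class name, the WANTED field list, the Contact__c lookup field and the URL mapping are assumptions.

```apex
@RestResource(urlMapping='/contacts/*')
global with sharing class EmployeeRestExample {
    // Fields the endpoint would like to return (assumed API names).
    private static final List<String> WANTED =
        new List<String>{ 'Name', 'Termination_Date__c' };

    @HttpGet
    global static void getEmployees() {
        RestResponse res = RestContext.response;
        res.addHeader('Content-Type', 'application/json');
        // A site guest user has no authenticated session: refuse the call.
        if (UserInfo.getUserType() == 'Guest') {
            reply(res, 401, new Map<String, String>{ 'error' => 'login required' });
            return;
        }
        // Object-level read permission of the calling user.
        Schema.DescribeSObjectResult obj = Employee__c.SObjectType.getDescribe();
        if (!obj.isAccessible()) {
            reply(res, 403, new Map<String, String>{ 'error' => 'no access' });
            return;
        }
        // Field-level security: keep only the fields this user may read.
        Map<String, Schema.SObjectField> fields = obj.fields.getMap();
        List<String> readable = new List<String>{ 'Id' };
        for (String name : WANTED) {
            Schema.SObjectField f = fields.get(name.toLowerCase());
            if (f != null && f.getDescribe().isAccessible()) {
                readable.add(name);
            }
        }
        // requestURI looks like /contacts/<contactId>/employees
        Id contactId;
        try {
            contactId = Id.valueOf(RestContext.request.requestURI.split('/')[2]);
        } catch (Exception e) {
            reply(res, 400, new Map<String, String>{ 'error' => 'bad contact id' });
            return;
        }
        // Field names come from the fixed WANTED list; the id is a bind variable.
        List<SObject> rows = Database.query(
            'SELECT ' + String.join(readable, ', ') +
            ' FROM Employee__c WHERE Contact__c = :contactId');
        reply(res, 200, rows);
    }

    private static void reply(RestResponse res, Integer status, Object body) {
        res.statusCode = status;
        res.responseBody = Blob.valueOf(JSON.serialize(body));
    }
}
```

The in-code guest check is defense in depth; removing the class from the site's Public Access Settings, as the answer suggests, is what actually closes the unauthenticated path.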
