Restrict REST API Access for public
So as far as I can tell, anybody can access the REST API without needing to be authenticated? I tried to get some results from the API without the httpauth in the URL and I still get all the results I got when I was authenticated. Is there any possibility to restrict the access to the API for only registered users? I don't want anybody to read my build results (even if it's not dramatic).
Hello,
The REST API exposes the same level of data available via the UI for authenticated and non-authenticated users, properly checking the user's permissions. There are only several REST API endpoints which do not require authentication, and those expose the same data which is available via the regular UI for unauthenticated users.
The most probable reason you got REST API responses is that you tried the requests from your browser, which has an authenticated session stored in a cookie. Try executing the same request in incognito mode or via the curl tool to run a due test.
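The check suggested above, as an added example that is not part of the original thread: a client with no cookie jar probes an endpoint with and without the session cookie and compares the status codes. The local mock server, the cookie name `SESSIONID` and the path `/api/builds` are constructed stand-ins, not the product's real names.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION_COOKIE = "SESSIONID=constructed-value"  # constructed sample cookie


class MockApi(BaseHTTPRequestHandler):
    """Constructed stand-in: serves data only when the session cookie is sent."""

    def do_GET(self):
        authed = SESSION_COOKIE in self.headers.get("Cookie", "")
        self.send_response(200 if authed else 401)
        self.end_headers()
        self.wfile.write(b'{"builds": []}' if authed else b"denied")

    def log_message(self, *args):  # silence per-request logging
        pass


def probe(url, cookie=None):
    """Return the HTTP status for url, sending only what is passed in here."""
    # No HTTPCookieProcessor means no cookie jar, so no stored session can
    # leak into the request; ProxyHandler({}) ignores any proxy settings.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url)
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Return (status with session cookie, status when anonymous)."""
    server = HTTPServer(("127.0.0.1", 0), MockApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/api/builds"  # hypothetical path
    try:
        return probe(url, SESSION_COOKIE), probe(url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Pointing `probe()` at a real server's endpoints without a cookie gives the anonymous view; any endpoint that returns 200 there is readable without logging in.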
Hi Yegor,
Thanks for your super fast reply! I actually messed up with this post and wasted your time, which I'm sorry for! I was logged in as you described and I didn't try out anon mode or any other browser.
Now I've actually got a different problem, but I will open a new topic on that!