A configuration of universal REST and Comet API is set in the file smartWeb.json in the following manner: 

{
    "application": {
       "cometApi": {
            "enabled": "true", /* global permission or prohibition of the Comet API interface, predefined value is true */
			"accessFilter": {
  				"allowedD2RpcEventNames": ["*"], /* list of allowed events, predefined value is "*" */
  				"allowedD2RpcMethodNames": ["*"], /* list of allowed RPC methods, predefined value is "*" */
  				"allowedD2ObjectNames": ["*"] /*list of accessible objects, predefined value is "*" */
			}
		},
        "restApi": {
            "enabled": "true", /* global permission or prohibition of the REST API interface, predefined value is true */
			"accessFilter": {
  				"allowedD2RpcEventNames": ["*"], /* list of allowed events, predefined value is "*" */
  				"allowedD2RpcMethodNames": ["*"], /* list of allowed RPC methods, predefined value is "*" */
  				"allowedD2ObjectNames": ["*"] /* list of accessible objects, predefined value is "*" */
			}
        },      
    }  
}

If we do not define this part of the configuration, both interfaces with calls of all RPC methods and acquisition of all objects values (current and historical values) are standardly allowed. In a configuration, it is possible to completely prohibit individual API by attributes enabled. The content of configuration objects cometApi and restApi is the object accessFilter, which defines the allowed names of objects, events and their RPC methods. It is possible to define the allowed names also generally by standard wildcart characters used while browsing files (for example "*" for an arbitrary number of characters, "?" for one arbitrary character).

Napíšte komentár