API Security
Target release | Type // to add a target release date |
---|---|
Epic | |
Document status | DRAFT |
Document owner | @ mention owner |
Designer | @ designer |
Tech lead | @ lead |
Technical writers | @ writers |
QA | |
Objective
Restrict the visibility and access to API calls.
Requirements
Requirement | User Story | Importance | Jira Issue | Notes |
---|---|---|---|---|
Add Employee object to Interface Master table. | | HIGH | | |
Associate a privilege (Sec Role) with every web service function; the privilege is checked against the employee before execution. | | HIGH | | |
Filter SWAGGER page to show only the web service calls permitted by the employee's privileges. | | HIGH | | |
Create a SWAGGER page, separate from the interface setup, that can be used by third-party developers. | | LOW | | |
User interaction and design
Add an Employee record to Web Service Interface setup. The Employee record would be used to record actions in the last updated or comment sections. The Employee’s roles and privileges would also be used to govern which web service functions can be used.
Update SWAGGER page to filter for only web service functions available to the associated employee record.
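
The sketch below is an added example, not code from this project. It shows one way the two HIGH requirements fit together: the same privilege mapping filters the published SWAGGER document and gates each call before execution. The `x-sec-role` extension key, the paths and the role names are assumptions made for illustration.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
PRIV_KEY = "x-sec-role"  # hypothetical vendor extension naming the required privilege

# Constructed sample spec; paths and role names are illustrative only.
SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Sample interface", "version": "1"},
    "paths": {
        "/orders": {
            "get": {"summary": "List orders", PRIV_KEY: "ORDER_VIEW"},
            "post": {"summary": "Create order", PRIV_KEY: "ORDER_EDIT"},
        },
        "/employees": {
            "get": {"summary": "List employees", PRIV_KEY: "HR_VIEW"},
        },
        "/debug": {
            "get": {"summary": "Untagged operation"},  # no privilege declared
        },
    },
}

def is_allowed(operation, privileges):
    """Default deny: an operation with no declared privilege is never allowed."""
    required = operation.get(PRIV_KEY)
    return required is not None and required in privileges

def filter_spec(spec, privileges):
    """Return a copy of the spec listing only operations the employee may call."""
    out = {k: copy.deepcopy(v) for k, v in spec.items() if k != "paths"}
    out["paths"] = {}
    for path, item in spec["paths"].items():
        # Keep non-operation keys (e.g. shared parameters) and permitted operations.
        kept = {k: copy.deepcopy(v) for k, v in item.items()
                if k not in HTTP_METHODS or is_allowed(v, privileges)}
        if any(k in HTTP_METHODS for k in kept):
            out["paths"][path] = kept
    return out

def authorize(spec, method, path, privileges):
    """Check run before executing a call; hiding an operation in the docs enforces nothing."""
    operation = spec["paths"].get(path, {}).get(method.lower())
    return operation is not None and is_allowed(operation, privileges)
```

Filtering the page only controls visibility; `authorize` is the check that has to run on every request, since a caller can still send a request to an operation that is not listed.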