Security Restrict Global Restriction on API actions

Hey everyone, just a quick question. I was trying to think of a quicker and easier (and hopefully more foolproof) way to ensure that all the actions that need protecting are protected, rather than having to add the Security Restrict to each API workflow each time.

What I have done is add a Condition in the Global.Json which checks whether the $server.url contains the path I am looking for. It will then run my Security Restrict. Is this the best way to do this, or is there a better way, please?

Thanks for reading!

Yes, that’s the way I do it too! High five :raised_hands:

I use $_SERVER.PATH_INFO instead of $_SERVER.URL, and I use the .startsWith formatter rather than .contains. I suggest you do the same.

Set Value pathinfo = {{ $_SERVER.PATH_INFO }}
Condition {{ pathinfo.startsWith("/api/admin") }}

I actually use an array to store the paths that need to be restricted, and then I use a Repeat step to iterate on each array element (each path that needs to be restricted) and check if it matches the current path.

Also, see my initial discussion regarding this matter here:

5 Likes
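
The array-of-paths check described in the reply above, sketched in plain JavaScript as an added example (not part of the original posts and not Wappler code). The function names and the path list are hypothetical; it compares `.contains`, `.startsWith` and a stricter match that only accepts the prefix on a path-segment boundary.

```javascript
// Added illustration; all names are hypothetical, not Wappler APIs.
const RESTRICTED_PREFIXES = ["/api/admin", "/api/billing"]; // constructed sample list

// Strip one trailing slash so "/api/admin/" and "/api/admin" compare equal.
function normalize(path) {
  const p = String(path || "/");
  return p.length > 1 && p.endsWith("/") ? p.slice(0, -1) : p;
}

// True when pathInfo is the prefix itself or lies beneath it on a segment boundary.
function matchesPrefix(pathInfo, prefix) {
  const p = normalize(pathInfo);
  const base = normalize(prefix);
  return p === base || p.startsWith(base + "/");
}

// Counterpart of the Repeat step: test the current path against every restricted prefix.
function needsSecurityRestrict(pathInfo, prefixes = RESTRICTED_PREFIXES) {
  return prefixes.some((prefix) => matchesPrefix(pathInfo, prefix));
}

// Show how the three matching strategies classify one path.
function compareStrategies(pathInfo, prefix = "/api/admin") {
  return {
    contains: pathInfo.includes(prefix),
    startsWith: pathInfo.startsWith(prefix),
    segment: matchesPrefix(pathInfo, prefix),
  };
}

// Constructed sample paths, not taken from a real application.
const samples = [
  "/api/admin/users/list",
  "/api/admin",
  "/api/administrators/public",
  "/api/docs/api/admin-guide",
  "/api/billing/invoices/",
  "/api/products/list",
];
for (const s of samples) {
  console.log(s, compareStrategies(s), "restrict:", needsSecurityRestrict(s));
}
```

With `.contains`, an unrelated path that merely mentions the prefix is swept into the restriction, and plain `.startsWith` also catches sibling routes such as `/api/administrators/...`; the segment-boundary match restricts only the prefix and what sits beneath it.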

Thanks Apple, seems like an improvement on my logic, thanks :slight_smile:. Glad I was on the right track at least.