How to disable access permission Rest API default?
Such as I can view all product attribute information by: http://localhost/magento/rest/V1/products/attributes/status
{
"is_wysiwyg_enabled": false,
"is_html_allowed_on_front": false,
"used_for_sort_by": false,
"is_filterable": false,
"is_filterable_in_search": false,
"is_used_in_grid": false,
"is_visible_in_grid": false,
"is_filterable_in_grid": false,
"position": 0,
"apply_to": [],
"is_searchable": "1",
"is_visible_in_advanced_search": "0",
"is_comparable": "0",
"is_used_for_promo_rules": "0",
"is_visible_on_front": "0",
"used_in_product_listing": "1",
"is_visible": true,
"scope": "website",
"attribute_id": 94,
"attribute_code": "status",
"frontend_input": "select",
"entity_type_id": "4",
"is_required": false,
"options": [
{
"label": "Enabled",
"value": "1"
},
{
"label": "Disabled",
"value": "2"
}
],
"is_user_defined": false,
"default_frontend_label": "Status",
"frontend_labels": null,
"backend_type": "int",
"source_model": "Magento\\Catalog\\Model\\Product\\Attribute\\Source\\Status",
"default_value": "1",
"is_unique": "0",
"validation_rules": []
}
Best Answer
This functionality is available since Magento 2.0.4 and is provided by WebapiSecurity module. It makes product, website and CMS web APIs restricted to admin users by default. However you can still make them anonymous using configuration in the admin panel.