I'm evaluating WSO2 API Manager to organize some corporate APIs.

Is it possible to authorise users based on a combination of resources and HTTP verbs?

To be clear, I need something like this:

user1 with Access_Token_1, can POST, PUT and DELETE to resource /myresource

whereas

user2 with Access_Token_2, can only do a GET to the same resource /myresource

Any thoughts on how to do this?

tk_
user1959492

1 Answer

We need to have the Entitlement Mediator in the API Gateway.

http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml

Thanks & regards, -Prabath

Prabath Siriwardena
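The rule set from the question, written as a XACML policy of the kind an entitlement check evaluates. This is an added example, not part of the original answer or of WSO2's documentation. It assumes a decision point that accepts XACML 3.0 and a gateway that sends the user name, API path and HTTP verb in the standard subject-id, resource-id and action-id attributes; the policy and rule ids are made up.

```xml
<!-- Added example (generic XACML 3.0). Assumption: the gateway sends the user name as subject-id,
     the API path as resource-id and the upper-case HTTP verb as action-id. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="myresource-verbs" Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <!-- Applies to /myresource only; within it, any request that no rule permits is denied. -->
  <Target><AnyOf><AllOf>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/myresource</AttributeValue>
      <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" MustBePresent="true"
        Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Match>
  </AllOf></AnyOf></Target>
  <Rule RuleId="user2-read" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">user2</AttributeValue>
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" MustBePresent="true"
          Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Match>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" MustBePresent="true"
          Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="user1-write" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">user1</AttributeValue>
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" MustBePresent="true"
          Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Match>
    </AllOf></AnyOf></Target>
    <!-- user1 is permitted only when the verb is one of POST, PUT, DELETE -->
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" MustBePresent="true"
          Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"/>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POST</AttributeValue>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PUT</AttributeValue>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DELETE</AttributeValue>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
</Policy>
```

The policy never sees the access tokens: it assumes the gateway has already validated each token and resolved it to a user name before requesting a decision. With deny-unless-permit, user2 sending a POST or user1 sending a GET to /myresource evaluates to Deny, as does a request with a missing verb or subject.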