Trongate Docs
switch to dark modeswitch to dark mode
»
»
User Owned Segment Authorization

User Owned Segment Authorization

There may be times when you'd like to allow access to users who have been assigned to a record that is being fetched from an API endpoint.  For this type of situation, User Owned Segment Authorization is perfect.

Video Tutorial

In this video tutorial you will be walked through an example of user owned segment authorization.


How It Works

Let's assume that you have a database table that contains a column called 'trongate_user_id'.  Let's further assume that the 'trongate_user_id' column represents the Trongate User IDs of users who 'own' (or have been assigned to) the table records.

User Owned Segment Authorization lets you grant access only to users whose accounts can be matched to the records that are being fetched.

This kind of authorization requires the following declarations:​

  • the name of the column, on the database table, that a target URL segment represents
  • the segment number, from the URL, where the target segment is to be found

WARNING!
User Owned Segment Authorization will only work if the target database table contains both a 'trongate_user_id' column as well as a column matching the column name that has been declared.

Basic Syntax

The basic syntax for User Owned Authorization is:

"authorization": {
    "userOwnedSegment": {
        "column": columnName,
​        "segmentNum": segmentNum
​    }
}

Just To Let You Know
In the code example above, 'columnName' should be replaced with the name of a column from the target database table.  Also, 'segmentNum' should be replaced with an integer that represents the URL segment to be read.

Below is an example of a 'Find One' endpoint where access has been granted to users who can be successfully matched with the database records that are being requested:

  "Find One": {
    "url_segments": "api/get/members/{id}",
    "request_type": "GET",
    "description": "Fetch one row",
    "required_fields": [
        {
            "name": "id",
            "label": "ID"
        }
    ],
    "authorization": {
        "userOwnedSegment": {
            "column": "id",
            "segmentNum": 4
        }
    }
}

Top Tip
Don't forget, the {id} value from the 'url_segments' property, above, would represent the 'id' column from the 'members' database table.


HELP & SUPPORT

If you have a question or a comment relating to anything you've see here, please goto the Help Bar.

 
×