Trongate Docs
switch to dark modeswitch to dark mode
Wide Open Authorization

Wide Open Authorization

Having wide open API endpoints can sometimes be dangerous!  Use this feature with caution.

Wide Open Authorization grants access to anyone, regardless of whether or not they have logged in.  When an API endpoint has Wide Open Authorization enabled, it means that the endpoint will be wide open to everyone.  This means that anyone will be able to access the endpoint and also submit parameters to the endpoint.  The syntax for enabling Wide Open Authorization is:


Why Do We Even Need This?

The idea of having an authorization mechanism that forces developers to actively declare when an API endpoint is wide open, is good for security.  The reason why it's good for security is because it means that the default status for API endpoints is "access denied".


Below is an example of a setting, for an API endpoint, that has Wide Open Authorization enabled.​

​"Count By Post": {
​    "url_segments": "api/count/fish",
​    "request_type": "POST",
​    "description": "Count number of records",
​    "enableParams": true,
​    "authorization":"*"

NOTE: For the example shown above, our API endpoint setting would be stored inside an 'assets' directory, in a file named api.json.  We can see from the 'url_segments' property that our endpoint is being assigned to a module (and corresponding database table) named 'fish'.


If you have a question or a comment relating to anything you've see here, please goto the Help Bar.