REST API
The braid management server uses a set of API endpoints and verb requests to allow you to create and modify content, based on the verb used.
The API uses simple basic auth on every request, which validates you as a user. If you make it past this first authentication middleware, your request is routed through a custom-written authorisation middleware that checks whether the resource you are accessing belongs to the currently authenticated user. If it does, you are allowed through and can make changes to any of the resources that belong to that user.
If you are an admin (the only other available role at the moment), you can modify other users' data by providing a userId URL parameter. The authorisation middleware checks whether that person exists; if they do, it then checks the authenticated user's role. If the user has admin-level access, they are allowed to modify the resources of the user specified in the userId URL parameter.
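The authorisation decision described above, sketched as an added example; it is not the braid server's own code. The Express-style `(req, res, next)` shape, the `users` store, the function names, `req.user`, `req.ownerId` and the status codes are all assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not taken from the braid server.
const users = new Map([ // constructed sample user store
  ["1", { id: "1", role: "user" }],
  ["2", { id: "2", role: "admin" }],
]);

// Decide whose resources a request may act on.
// authUser: the user established by the basic-auth middleware.
// userIdParam: value of the optional userId URL parameter.
function authorise(authUser, userIdParam) {
  // Authentication must already have succeeded.
  if (!authUser) return { status: 401 };
  // No userId parameter: the caller acts on their own resources.
  if (userIdParam === undefined) return { status: 200, ownerId: authUser.id };
  // A repeated parameter can arrive as an array; reject it rather than guess.
  if (typeof userIdParam !== "string") return { status: 400 };
  // Naming yourself is the same as omitting the parameter.
  if (userIdParam === authUser.id) return { status: 200, ownerId: authUser.id };
  // Order from the page: does the target exist, then is the caller an admin.
  const target = users.get(userIdParam);
  if (!target) return { status: 404 };
  if (authUser.role !== "admin") return { status: 403 };
  return { status: 200, ownerId: target.id };
}

// Express-style wrapper around the decision function.
function authorisationMiddleware(req, res, next) {
  const decision = authorise(req.user, req.query.userId);
  if (decision.status !== 200) return res.status(decision.status).end();
  // Handlers scope every lookup to this id, never to the raw parameter.
  req.ownerId = decision.ownerId;
  next();
}
```

In this example, checking existence before role means a non-admin caller gets 404 for an unknown id and 403 for an existing one; checking the role first gives non-admins the same answer in both cases.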