silverstripe-restfulapi

authenticate only certain routes

Open jonshutt opened this issue 7 years ago • 1 comments

Hello,

I'm using the authentication and login stuff, which is working fine. However, I need one route to be open to anyone, not just logged-in members.

```yaml
Member:
  extensions:
    - RESTfulAPI_TokenAuthExtension

RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'
  cors:
    Enabled: true
    Allow-Origin: ''
    Allow-Headers: ''
    Allow-Methods: 'GET,POST'
    Max-Age: 86400

RESTfulAPI_TokenAuthenticator:
  tokenOwnerClass: 'Member'

Mountain:
  api_access: 'GET'

Log:
  api_access: 'GET,POST'
```

I'd like the 'Log' dataobject to require the authentication, but the 'mountain' dataobject should be open to everyone.

Is this possible?

jonshutt, Jan 13 '17 13:01

Hey @jonshutt sorry for leaving you hanging with no answer...

Right now this is not possible with just a straightforward config. To get one API route with Auth and another without or just for some models, I see 2 solutions:

  1. Extend RESTfulAPI to something like OpenRESTfulAPI and disable Auth on its config. Then add a director route with something like 'openapi': 'OpenRESTfulAPI'
  2. Or extend RESTfulAPI_TokenAuthExtension and override authenticate to always return true for certain models

Extending RESTfulAPI might be cleaner in the end, if you are ok to have 2 different api routes.

colymba, Feb 01 '17 07:02
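
The first option from the reply above, sketched as SilverStripe configuration. This is an added example, not code from the module or from either poster; the file paths, the `Name` header and the empty `OpenRESTfulAPI` subclass are assumptions, and it presumes that a value set on the subclass overrides the `authentication_policy` set on `RESTfulAPI`.

```yaml
---
Name: openapi
---
# Assumed file: mysite/_config/openapi.yml
#
# Assumed companion file: mysite/code/OpenRESTfulAPI.php, an empty subclass:
#   <?php
#   class OpenRESTfulAPI extends RESTfulAPI {}

# Existing authenticated API, unchanged: a token is still required here.
RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'

# Second controller with authentication switched off in its own config.
OpenRESTfulAPI:
  authentication_policy: false

# Route named in the reply: requests under /openapi reach the open controller.
Director:
  rules:
    'openapi': 'OpenRESTfulAPI'

# api_access is declared per model, not per controller, so both
# controllers are configured to serve both of these models.
Mountain:
  api_access: 'GET'

Log:
  api_access: 'GET,POST'
```

Because `api_access` lives on the models, nothing in this configuration limits the open route to `Mountain`. After deploying, send unauthenticated requests to both `openapi/Mountain` and `openapi/Log` and confirm that only the first is served; if `Log` answers without a token, it needs restricting before the open route goes live.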