API Key on POST requests - no effect?

[cappuccinonet]

Not sending a/the Bearer Authorization token on Post request does not seem to block the request. Is this a bug or a feature?

[asierraserna]

Hello! There is a configuration file in the plugins/API/name of your api folder, where you can set the permissions, specifically the line

    // Set the login resource to be public
    $this->setResourceAccess('login', 'public', 'post');

where you can set it as private to force bearer key input . The example is public since is the one for login.

More info here

link: Techjoomla api documentation

I hope this helps!

[cappuccinonet]

@asierraserna Thanks very much for the response. This is exactly what I did in my code, following your documentation - but for some reason it seems not to block the post request. $this->setResourceAccess('search', 'private', 'post');

[asierraserna]

Hello! Ah that is not my documentation, I am just another developer using the awesome code from the guys of techjoomla.

This is an example I have:

You can see there, I got error since I am not passing an Autorisation Header.

I my code for this api plugin, it looks like this:

// Set the login resource to be public //$this->setResourceAccess('chats', 'public', 'post'); //$this->setResourceAccess('chats', 'public', 'get');

So I actually have it commented. What I mean with this is, add the line if you want to make it public, remove the line to make it private.

I believe everything is Private by default, and then you need to add the line to make it public.

Here is much better explained:

https://github.com/techjoomla/com_api/blob/e5b6f17e50d4326ff3c1608edb954c5522a9f170/docs/plugin-development.md#private-and-public-resources

I hope it helps!

[cappuccinonet]

@asierraserna This is it! Just tried to uncomment this line. It seems to work. Thank you very much. Hopefully the folks form techjoomla will provide this awesome tool for Joomla 4, too, since it's so straight forward.