function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Scott WellsScott Wells 

Is the "API Enabled" permission required for Apex REST?

I can see clearly that the "API Enabled" permission must be granted to a user before that user can invoke the standard platform Web services APIs (CRUD, metadata, etc.), but what I still can't verify for sure is whether that permission is also required for custom Apex REST services.

 

I ask because we'd like to enable bidrectional integrations with our OEM applications via standard Web services, ideally without requiring that the "API Enabled" permission be granted to all of the users that would invoke these APIs.  My hope is that it's only required to invoke platform services and not custom services delivered in managed packages.

 

Does anyone know the answer to this one?  If so, is there any supporting documentation that you can provide?

 

Thanks!

Scott WellsScott Wells
I think I've found the answer to this and any external integration through a Web service API, system or custom, requires this permission, but I'd love to hear any other thoughts on the topic from those who have worked through this either way.