Rafi Bin-Nun

Record Level API Access Control

We only want to expose a subset of an object’s records via API, is this possible? If so, how?
 
Carolina Ruiz Medina
Hi Rafi Bin-Nun,

Sorry, I'm not quite sure what you are trying to do, but maybe these links, with specific info about the different ways of sharing and exposing data, can help you decide how to share/expose the records and objects through the API or within your organization.

http://help.salesforce.com/help/pdfs/en/salesforce_security_impl_guide.pdf
https://www.salesforce.com/us/developer/docs/apexcode/Content/apex_bulk_sharing_understanding.htm
https://help.salesforce.com/HTViewHelpDoc?id=security_about_sharing_rules.htm&language=en_US

That said, and re-reading your question (expose a subset of records via API):
I think, within the links, you will find that Sharing Rules could be your closest option. However, if you don't want to use ownership in order to expose/share the records, your solution would be to implement an Apex API to manage exactly what you would like to expose and share with others.

Hopefully the info helps a little bit. :)

Thanks,
Carolina.
Rafi Bin-Nun
Thanks Carolina, This is very helpful.
 
The Apex API route would be ideal. Is there a way to restrict REST access to a particular Apex class? We created an Apex REST class (which exposed exactly what we wanted), but once that’s permissioned how do we prevent the user from issuing direct REST calls and querying the object directly?
Rafi Bin-Nun
This can be done by restricting the user/profile to API Only and only permissioning them for specific connected apps and Apex REST classes.
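
The Apex REST route discussed in this thread, sketched as an added example (not code from any poster or from Salesforce): the endpoint applies one fixed server-side filter to both list and by-Id requests and returns only whitelisted fields. `Account`, the checkbox `Expose_Via_API__c`, the URL mapping and the class name are hypothetical stand-ins, since the thread does not name the object.

```apex
// Added example. Assumptions: Account stands in for the unnamed object and
// Expose_Via_API__c is a hypothetical checkbox marking the exposed subset.
@RestResource(urlMapping='/exposedAccounts/*')
global with sharing class ExposedAccountsResource {

    // Response shape: only these fields are ever serialized to the caller.
    public class ExposedAccount {
        public Id recordId;
        public String name;
        public ExposedAccount(Account a) { recordId = a.Id; name = a.Name; }
    }

    @HttpGet
    global static void doGet() {
        RestResponse res = RestContext.response;
        res.addHeader('Content-Type', 'application/json');
        String tail = RestContext.request.requestURI.substringAfterLast('/');

        List<Account> rows;
        if (String.isBlank(tail) || tail == 'exposedAccounts') {
            // Collection request: the filter is fixed here, not caller-supplied.
            rows = [SELECT Id, Name FROM Account
                    WHERE Expose_Via_API__c = true
                    ORDER BY Name LIMIT 200];
        } else {
            Id wanted;
            try {
                wanted = Id.valueOf(tail);   // rejects anything that is not an Id
            } catch (Exception e) {
                res.statusCode = 400;
                res.responseBody = Blob.valueOf('{"error":"invalid id"}');
                return;
            }
            // Single-record request: the same filter applies, so a valid Id
            // outside the subset looks identical to a missing record.
            rows = [SELECT Id, Name FROM Account
                    WHERE Id = :wanted AND Expose_Via_API__c = true];
            if (rows.isEmpty()) {
                res.statusCode = 404;
                res.responseBody = Blob.valueOf('{"error":"not found"}');
                return;
            }
        }
        List<ExposedAccount> out = new List<ExposedAccount>();
        for (Account a : rows) { out.add(new ExposedAccount(a)); }
        res.responseBody = Blob.valueOf(JSON.serialize(out));
    }
}
```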