Currently, access to all API endpoints and REST methods is governed by one permission called Use Veslink API. However, Administrators want some API users to have Read Only access and others to have both Read and Write access. They also want to restrict access to the IMOS message endpoints to all but a few users, given the administrative access those endpoints provide.
In response to client feedback, Veson Nautical has enhanced API security roles to enable finer-grained permissions to the API endpoints. To minimize disruption to API access, all users with the Use Veslink API permission will be granted all three new permissions:
API Read: Allows access to all Read calls, which use the GET method
API Write: Allows access to all Write calls, which typically use the POST and PATCH methods, as well as all Read calls
API IMOS Message: Allows access to IMOS message endpoints, as well as all Read and Write calls
After the migration, Administrators may further configure security as needed.
Migrating Users from the Current API Permission to the New Permissions
An Administrator with access to the User Management page within a Company can find the current Use Veslink API permission within the General Permissions section of the Edit User page.
Veson Nautical will perform a migration from the single Use Veslink API permission to the new set of permissions. To minimize disruption to API access, all users with the Use Veslink API permission will be granted all three new permissions to match their existing one.
Administrators should adjust these permissions according to the access they wish to assign to the user. For example, a user who should have API Read and Write access only would have the API IMOS Message checkbox unchecked.
Note that the API permissions are cumulative: checking API Write automatically applies API Read permissions; checking API IMOS Message automatically applies API Write and API Read permissions.