Authorization for the REST API is performed using the existing access rights infrastructure within Rhapsody:

  • A root-level access right 'Call REST API' provides general access to Rhapsody's REST API, and all other new access rights related to the REST API depend on it (Rhapsody IDE understands these dependencies and displays them appropriately). For new installations, this access right is automatically granted to the administrators group; for upgraded engines, it is granted to any existing groups that currently have the USERS_EDIT access right (which is often the administrators group).
  • Access rights have also been defined to call each REST API method, generally with separate access rights for reading a particular service and writing to a particular service. These access rights relate to specific REST API functionality, and can be configured independently from allowing access to that functionality in Rhapsody IDE or Management Console. REST API methods will only return results for lockers that the user has access to. For example, to get the Error Queue count for the whole engine, the user needs the ability to search Error and Hold Queues on every locker.
  • By default, the Developer and Monitoring Access Groups do not have access to any REST API methods and the Administrator Access Group only has access to a basic set. Refer to Access Control in Rhapsody for details on how to configure access rights.
  • For security reasons, the Administrator user cannot be granted access to the Message Retrieval and Message Searches REST API methods.

Refer to Access Rights for a full list of access rights that control access to the REST API methods.
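
The following sketch models the rules above as an access review. It is an added example, not Rhapsody code or output. The group and locker data is constructed, and the `METHOD_RIGHT` and `LOCKER_RIGHT` labels are hypothetical placeholders for the real names in the Access Rights list.

```python
# Added illustration: a simplified model of the rules above, not Rhapsody code.
ROOT_RIGHT = "Call REST API"      # root-level right named on this page
UPGRADE_TRIGGER = "USERS_EDIT"    # right named on this page
# Hypothetical labels; the real names are in the product's Access Rights list.
METHOD_RIGHT = "REST: read Error Queue count"
LOCKER_RIGHT = "Search Error and Hold Queues"

# Constructed sample data: the engine's lockers and three access groups.
LOCKERS = ["Lab", "Radiology", "Billing"]
GROUPS = {
    "Administrators": {"rights": {ROOT_RIGHT, UPGRADE_TRIGGER, METHOD_RIGHT},
                       "lockers": {name: {LOCKER_RIGHT} for name in LOCKERS}},
    "Integrators": {"rights": {ROOT_RIGHT, METHOD_RIGHT},
                    "lockers": {"Lab": {LOCKER_RIGHT}}},
    "Monitoring": {"rights": {METHOD_RIGHT},  # method right without the root right
                   "lockers": {name: {LOCKER_RIGHT} for name in LOCKERS}},
}

def can_call(group, method_right):
    """A REST method right only takes effect together with the root right."""
    return ROOT_RIGHT in group["rights"] and method_right in group["rights"]

def visible_lockers(group):
    """Lockers whose Error Queue data a REST call may return for this group."""
    if not can_call(group, METHOD_RIGHT):
        return []
    return [name for name in LOCKERS
            if LOCKER_RIGHT in group["lockers"].get(name, set())]

def can_count_whole_engine(group):
    """An engine-wide count needs the locker right on every locker."""
    return visible_lockers(group) == LOCKERS

def granted_root_on_upgrade(groups):
    """Groups holding USERS_EDIT, which an upgrade gives the root right."""
    return sorted(n for n, g in groups.items() if UPGRADE_TRIGGER in g["rights"])

def audit(groups):
    """Per-group summary for an access review."""
    return {n: {"lockers": visible_lockers(g),
                "whole_engine": can_count_whole_engine(g)}
            for n, g in groups.items()}

if __name__ == "__main__":
    for name, row in audit(GROUPS).items():
        print(name, row)
    print("root right on upgrade:", granted_root_on_upgrade(GROUPS))
```
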