Access Control List (ACL) Plugin

Restrict access to an API by whitelisting or blacklisting consumers using arbitrary ACL group names. Give it a try and discuss it here!

ACL plugin documentation

Is it possible to create just one API Resource (for all URIs) with just GET Http Methods and have an ACL whitelist Group name like READ_ONLY? (I’m testing with the API definition of URI ‘/’, but it’s not working.)

This way I can give READ permissions for specific users for all of the API resources.

I was hoping there was a easier way then creating a API Resource for each resource and each HTTP Method. Eventually there will be PUT permissions, POST permissions and DELETE Permissions.

Found my answer.

When setting up the API definition

uri = '/*' is supported for all resources.