Security considerations for using REST API resources
SSL
Blue Cedar recommends using SSL when transferring sensitive information (such as user passwords) over HTTP, unless access to your policy console is limited to internal networks.
User access
All active policy console users can access many of the resources in the policy console, but some resources are only available to administrators.
You can set administrator access for a user with POST user/create or PUT user/update.
Authentication
Policy console REST resources use form-based authentication and maintain a session on the server side. Nearly all server requests should be authenticated; see Authenticating policy console users for guidelines and an example.
Server requests and responses
You access policy console resources with HTTP requests, and the policy console responds with JSON-formatted data. For a detailed overview of requests and responses, see Accessing and invoking policy console resources.