Security for REST API

This feature may not be available in every package. Not sure if you have this feature or you want to learn more about it? Send us a message at support@cartegraph.com. 

Cartegraph's API is a licensed product that requires a purchase and verified ownership before production use.

  • Purpose: View the currently signed-in user's create/update/delete and view permissions for a class or a set of classes. All security permissions in Cartegraph are opt-out: responses from this method include only classes for which a permission has been denied. The absence of a result for a class means that the user has full permissions to that class.
    • Note: CanView being false does not mean that records cannot be requested through the API. It means that the OMS UI hides the class from view to reduce the number of unnecessary classes a user has to work through.
  • Introduced: v8 - Summer 2015
  • HTTP Method: GET
  • URL:
    • https://yourserver.com/cartegraph/api/v1/Security/Classes
    • https://yourserver.com/cartegraph/api/v1/Security/Classes?classNames={className},{className}
  • URL Parameters:
    • classNames: Comma-delimited list of Cartegraph business object class names (for example, cgSignsClass,cgTasksClass,cgSigns_cgInspectionsClass)

Example Requests

Get all of the rules for all classes for the currently signed-in user. This user has not been denied permission to any classes.

GET https://yourserver.com/cartegraph/api/v1/Security/Classes

Get all of the rules for all classes for the currently signed-in user.

GET https://yourserver.com/cartegraph/api/v1/Security/Classes

Get the rules for a particular subset of classes for the currently signed-in user.

GET https://yourserver.com/cartegraph/api/v1/Security/Classes?classNames=cgSignsClass,cgSigns_cgInspectionsClass,cgTasksClass

Attempt to get the rules for an invalid class name for the currently signed-in user.

GET https://yourserver.com/cartegraph/api/v1/Security/Classes?classNames=InvalidClass

Example Responses

Requested the rules for all classes, but permission has not been denied to any classes:

{}

Requested all of the rules for all classes for the currently signed-in user. Permission has been denied for deletion of cgSignsClass and for create, update, and delete of cgSigns_cgInspectionsClass.

{
    "cgSignsClass":
    {
        "CanDelete": false
    },
    "cgSigns_cgInspectionsClass":
    {
        "CanCreate": false,
        "CanUpdate": false,
        "CanDelete": false,
        "CanView": true
    }
}

Requested the rules for a particular subset of classes for the currently signed-in user. Permission has been denied for delete and view of cgSignsClass and for create, update, and deletion of cgSigns_cgInspectionsClass. cgTasksClass has no permissions denied, so it is excluded from the result set completely.

{
    "cgSignsClass":
    {
        "CanDelete": false,
        "CanView": false
    },
    "cgSigns_cgInspectionsClass":
    {
        "CanCreate": false,
        "CanUpdate": false,
        "CanDelete": false,
        "CanView": true
    }
}

Requested the rules for an invalid class name for the currently signed-in user. Since the class does not exist, it is treated as if you have full permissions to it, so it is excluded from the result set completely.

{}
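
The opt-out responses above, expanded into explicit per-class permissions; this is an added example, not Cartegraph code. The function name and the `KNOWN_CLASSES` allowlist are assumptions: an invalid class name and a fully permitted class both produce no entry, so the caller has to supply the set of valid class names itself.

```python
import json

PERMISSIONS = ("CanCreate", "CanUpdate", "CanDelete", "CanView")

# Assumption: a caller-maintained list of class names known to exist on the server.
KNOWN_CLASSES = {"cgSignsClass", "cgSigns_cgInspectionsClass", "cgTasksClass"}

# Response body copied from the "subset of classes" example on this page.
SAMPLE_RESPONSE = """
{
    "cgSignsClass": {"CanDelete": false, "CanView": false},
    "cgSigns_cgInspectionsClass": {
        "CanCreate": false, "CanUpdate": false, "CanDelete": false, "CanView": true
    }
}
"""


def effective_permissions(response_body, requested, known_classes):
    """Turn an opt-out response into explicit permissions for each requested class.

    A class missing from the response has nothing denied, so every permission
    defaults to True. A name that is not in known_classes maps to None instead:
    the API also returns no entry for a class that does not exist, so a typo
    would otherwise look like full access.
    """
    denied = json.loads(response_body)
    if not isinstance(denied, dict):
        raise ValueError("expected a JSON object keyed by class name")

    result = {}
    for name in requested:
        if name not in known_classes:
            result[name] = None  # unknown class: no decision can be made
            continue
        entry = denied.get(name, {})
        # Only a literal true (or an absent key) counts as allowed.
        result[name] = {p: entry.get(p, True) is True for p in PERMISSIONS}
    return result


if __name__ == "__main__":
    names = ["cgSignsClass", "cgSigns_cgInspectionsClass", "cgTasksClass", "InvalidClass"]
    for cls, perms in effective_permissions(SAMPLE_RESPONSE, names, KNOWN_CLASSES).items():
        print(cls, perms)
```

As the note on CanView says, a false CanView only hides the class in the OMS UI, so the expanded value should not be read as an API-level read restriction.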

Status Codes Returned and Common Error Messages

  • 200 OK
    • The message body contains a JSON object containing className properties that correspond to the class names in the URL. The value of each of these properties is the security permissions for that respective business object. Classes with no permissions specifically denied will be excluded from the results.