README.md: 5 additions & 5 deletions
@@ -282,11 +282,11 @@ Endpoint configuration is done using the `private array static $api_config` fiel
282
282
|`ACCESS`| The level of access required for the endpoint or for an individual field or relation. Options are:<ul><li>`PUBLIC` - Can be accessed by anyone including not-logged-in users</li><li>`LOGGED_IN` - Must be logged in to access</li><li>`<PERMISSION_CODE>` - User must be in a Group with this permission code</li><br><br>If this is not set to `PUBLIC` the an `x-csrf-token` header must be past in unless it has been disabled - see the [CSRF token](#readme-csrf-token) section below.<br><br>If set to `PUBLIC` it is strongly recommended that `ALLOWED_OPERATIONS` is set to `VIEW` (which is the default) so that write operations are not permitted.<br><br>If the `silverstripe/versioned` module is installed then the reading mode will be set to `Versioned::DRAFT` so that draft content is read and written. |
283
283
|`ALLOWED_OPERATIONS`| The operations that are allowed on the endpoint which can be any combination of:<ul><li>`VIEW` - Can view the data. Used for `GET` and `HEAD` HTTP requests.</li><li>`CREATE` - Can create new data using `POST` HTTP requests.</li><li>`EDIT` - Can update existing data using `PATCH` HTTP requests.</li><li>`DELETE` - Can delete existing data using `DELETE` HTTP requests.</li><li>`ACTION` - Can call actions e.g. the `/publish` action using `PUT` HTTP requests.</li></ul>Multiple operations can be joined together with `DELIMITER` which by default is `_` for instance `CREATE_EDIT_DELETE_ACTION`<br><br>Default is `VIEW`<br><br>Note that the `OPTIONS` HTTP request is always allowed |
284
284
| `CALL_CAN_METHODS` | The `can*()` methods that are called on every DataObject, i.e.<ul><li>`VIEW` - Call `canView()` when making a `GET` or `HEAD` request</li><li>`CREATE` - Call `canCreate()` when making a `POST` request</li><li>`EDIT` - Call `canEdit()` when making a `PATCH` request</li><li>`DELETE` - Call `canDelete()` when making a `DELETE` request</li><li>`ACTION` - Call relevant method when running an action e.g. `canPublish()` when calling the `/publish` action</li></ul>Join together with `DELIMITER` which by default is `_` for instance `EDIT_DELETE`<br><br>Default is `VIEW_CREATE_EDIT_DELETE_ACTION`<br><br>To only disable `canView()` to increase performance, set to `CREATE_EDIT_DELETE_ACTION` - note be careful doing this if the endpoint allows write operations that allow updating a `has_one` relation because that may be set to a relation record that would normally fail a `canView()` check for the user and the user can then view the updated relation JSON in the response body.<br><br>To disable all `can*()` checks set to `NONE` |
285
-
|`CACHE_MAX_AGE_VIEW`| The `max-age` set in the HTTP `Cache-control` header for `GET` requests<br><br>Default is `0` which will will result as `no-cache` being used instead of `max-age`|
286
-
|`CACHE_MAX_AGE_OPTIONS`| The `max-age` set in the HTTP `Cache-control` header for the `OPTIONS` request<br><br>Default is `604800`|
287
-
|`LIMIT_DEFAULT`| The default limit applied to ORM queries when a `limit` querystring parameter is not provided<br><br>Default is `30`.<br><br>Note this has no effect on `has_many` relations which will always return all records as they cannot have querystring parameters set for them |
288
-
|`LIMIT_MAX`| The max limit that can be applied to ORM queries via the `limit` querystring<br><br>Default is `100`.<br><br>Note this has no effect on `has_many` relations which will always return all records |
289
-
|`ALLOW_API_TOKEN`| Whether an API token can be used to authenticate with the API via the `x-api-token` HTTP header<br><br>Default is `false`|
285
+
|`CACHE_MAX_AGE_VIEW`| The `max-age` set in the HTTP `Cache-control` header for `GET` requests<br><br>Valid values are positive ints.<br><br>Default is `0` which will will result as `no-cache` being used instead of `max-age`|
286
+
|`CACHE_MAX_AGE_OPTIONS`| The `max-age` set in the HTTP `Cache-control` header for the `OPTIONS` request<br><br>Valid values are positive ints.<br><br>Default is `604800`|
287
+
|`LIMIT_DEFAULT`| The default limit applied to ORM queries when a `limit` querystring parameter is not provided<br><br>Valid values are positive ints.<br><br>Default is `30`.<br><br>Note this has no effect on `has_many` relations which will always return all records as they cannot have querystring parameters set for them |
288
+
|`LIMIT_MAX`| The max limit that can be applied to ORM queries via the `limit` querystring<br><br>Valid values are positive ints.<br><br>Default is `100`.<br><br>Note this has no effect on `has_many` relations which will always return all records |
289
+
|`ALLOW_API_TOKEN`| Whether an API token can be used to authenticate with the API via the `x-api-token` HTTP header<br><br>Valid values are bools.<br><br>Default is `false`|
290
290
|`RELATION`| Include data from relations on data objects. This is detailed further below in its own section |
291
291
|`DATA_OBJECT_FIELD`| Special key used to define the DataObject field used when defining configuration on an individual field. This is detailed further below in its own section |
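Review bot: In the added `CACHE_MAX_AGE_VIEW` row, "Valid values are positive ints" contradicts the sentence right after it, which gives the default as `0`; zero is not a positive int, so a reader could conclude that the default itself is invalid. Suggest "Valid values are ints of `0` or greater" for that row, and confirm whether `0` is meant to be rejected for `CACHE_MAX_AGE_OPTIONS`, `LIMIT_DEFAULT` and `LIMIT_MAX` as the new wording implies. Since the row is being touched anyway, the carried-over "will will result as `no-cache`" could become "will result in `no-cache`". The new sentences also do not say what happens when an invalid value is configured (for example whether an exception is raised or the default is used), which is worth documenting alongside the valid range, and for `ALLOW_API_TOKEN` "bools" would read more clearly as "`true` or `false`".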