The Infor Communities is globally accessed system by
Infor and its customers, please do not post or upload
any content that could be deemed as sensitive, confidential or
subject to any data regulation requirements.
If you are unsure whether or not the content contains sensitive,
confidential or has any data regulation requirements,
please seek the advice of your internal security, legal, and compliance experts.
We are trying to integrate a 3rd party application with M3 via M3 Rest APIs.
We have created an authorized app in ION API. By default, this authorized app will have access to all APIs.
How can we configure so that it will only have access to a specific APIs like AddBatchHead and AddBatchLine.?
Is this defined at user level in M3? Is it also possible to expose only specific fields in an API like the mandatory ones?
Any response will be greatly appreciated.
Are you OP or in the cloud ?
The customer is in Single tenant environment.
OK. So maybe you can have a look at SES005 to set up API security.
Check also the M3BE properties in the M3 server view. Look for "api.authorization" and set this property to 1.
You can also limit the access to a list of API transactions by playing with boot.api.allowedTransactions (it will override SES005). For example, if you have set up *ALL in SES005 for MWS410MI and changed this property to "GetHead" only then you should not be able to use any other transaction than "GetHead".
Last but not the least, verify that ION API is using this security settings (it should).
Thank you very much for your reply. We'll look into that and let you know if we have any concerns.