API report issue

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
hduey
Posts: 1
Joined: 02 Jan 2021, 07:59
Contact:

API report issue

Post by hduey »

Hi,
I would like to use MantisBT to send feedback / bugs from an android app.

There is one generic user created in MantisBT who provided Rest API key. Using this key I can create ticket POST. However it's also possible to GET other tickets information with the same API key (because they are created by the same user). This is something I want to definitely avoid...

In the "Workflow thresholds" in deselect all options from all sections ("Capability","Notes","Tags","Others") but leave "Report an issue" for eg. REPORTER, however user is still able to read his own tickets (so because this is shared users his able to read other application users requests) .

One option is to use anonymous access however I wanted to avoid this as well to have basic protection from rouge activities.

Is this possible to create user that has only create issue privilege without read at all ?
Or perhaps is this possible to disable some REST API end points ?
Post Reply