The API ACL consists of a set of rules that determine which API requests are allowed through.
This is the first layer of protection. A private ACL rule requires API authentication, and the caller's permissions then apply.
By default, while the app_status is ‘dev’, every request is allowed as private, meaning authentication is required, and each new request is added to this table so that you can manage access to it.
In Production, no new rules are added automatically.
You can change the ‘app_status’ in the welcome page of your App.
The control panel’s API ACLs are added automatically when you build with the “with_api” parameter, so that you can manage the rules.
You can review the ACL in your App, under Settings -> API ACLs.
Learn more about API ACL.
Private route
A private route requires authentication and is subject to the current user's permissions.
Public route
A public route skips authentication and all privilege checks.
Be careful to make public routes as restrictive as possible.
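The decision flow described above, as an added example that is not the framework's own code: a simplified Python model of how a request is matched against the ACL table. The class and function names, the 'production' status value, the (method, path) permission model, and the rejection of unlisted routes in production are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AclTable:
    """Hypothetical model of the API ACL table; not the framework's implementation."""
    app_status: str = "dev"  # 'dev' is from the page; 'production' is an assumed value
    rules: dict = field(default_factory=dict)  # (METHOD, path) -> "private" | "public"

    def decide(self, method, path, user=None, permissions=frozenset()):
        """Return (allowed, reason) for a single API request."""
        key = (method.upper(), path)
        rule = self.rules.get(key)
        if rule is None:
            if self.app_status != "dev":
                # Assumption: with no rule and no automatic rule creation,
                # production rejects the request.
                return False, "no ACL rule"
            # Dev: the new request is recorded as private so it can be reviewed.
            rule = self.rules[key] = "private"
        if rule == "public":
            # Public: authentication and all privilege checks are skipped.
            return True, "public"
        if user is None:
            return False, "authentication required"
        if key not in permissions:
            # Private: the current user's permissions still apply.
            return False, "permission denied"
        return True, "private"


def audit_public(acl):
    """List public rules so they can be reviewed before switching to production."""
    return sorted(key for key, kind in acl.rules.items() if kind == "public")
```

Running `audit_public` over the table before changing app_status gives a short list of every route that bypasses authentication, which is the set to keep as small as possible.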