When using the REST API, your client application needs to act under the permissions and restrictions of a particular user. This way Jmix can link the API calls to a user and apply the regular Security Authorization capabilities of Jmix to the requests.
The REST API supports a variety of security mechanisms that are available via the Security Subsystem of Jmix. Additionally, it adds API-specific parts on top like OAuth2 for securing the interactions via the API.
REST: minimal access (
rest-minimal): Allows users to interact with the application via the API.
By default, all CORS requests to the REST API are allowed. To restrict the origins list you can define the allowedOrigins application property.
For further customizations of the CORS configuration, see Spring Security Documentation on CORS.