Monday, July 17, 2017

How to block a particular user from accessing an API

1. Login to Admin Dashboard from the admin user. (https://api.cloud.wso2.com/admin/)

2. Click Black List under the Throttle Policies section and click Add Item (Refer to the screenshot below)


3. Select the condition type as the user and give the full qualified username as the value and click blacklist. (Refer to the screenshot below)

For example, if you want to block the user amalka@wso2.com from invoking APIs, you have to provide the value as amalka@wso2.com@amalkaorg by appending the organization key at the end of the username with '@' character. 


If you follow the above steps, the user will not be able to invoke APIs. Also please note that if you blacklist, the user will not be able to invoke any API until you remove the blacklist policy.

No comments: