| title | category | sort | stage | enabled |
|---|---|---|---|---|
Security |
basics |
99 |
outlining |
true |
In addition to the below options we suggest configuring middleware for the API.
Enable the API policy to enforce the now required stream policy against the corresponding model policy method (viewAny, view, create, update, and delete).
// streams/contacts.json
{
"api.policy": true
}You can also specify a different policy to use for the API only:
// streams/contacts.json
{
"api.policy": "App\\Contacts\\ContactApiPolicy"
}If you would like to run authorization even if no streams or route policy is specified; you can configure a fallback policy.