Policy
This section is really important since it allows you to control access to the API.
This section pertains to granting access to the entire API. If selective access is required, policies must be assigned to specific 'entity sets'. |
It should be noted that this feature is only applicable when the API is configured to function with Entity References. In the case of "Static" API classes, Entity Sets are not available.
As a default setting, all APIs are non-executable and must be enabled using Policies or by toggling the "Unrestricted API Engine" switch to "YES".