This allows us to use tools like Zeek to create entries using the API. There is a register_client endpoint any client can hit, but until an admin user accepts the client and assigns actiontypes, clients won't be able to affect change. As a side effect, this means we also had to turn the WebUI into a client since that calls the API in the background.
Authorization decisions are for creating entries are made in api/views.py in the perform_create method.
This allows us to use tools like Zeek to create entries using the API. There is a
register_client
endpoint any client can hit, but until an admin user accepts the client and assigns actiontypes, clients won't be able to affect change. As a side effect, this means we also had to turn the WebUI into a client since that calls the API in the background.Authorization decisions are for creating entries are made in
api/views.py
in theperform_create
method.