Enhancements to APIs to restrict anonymous user access
We have implemented key improvements to a few Marketplace APIs to enhance data security and control over what information is exposed to anonymous users. These changes align UI and API behavior more closely and reinforce protection of sensitive information.
What is changing?
-
Pricing suppression in Editions API - when the Logged Out Pricing setting is enabled in Marketplace settings (Go to Manage > Marketplace > Settings | Marketplace Functionality), pricing data in the Editions API will now be suppressed for anonymous users. This aligns with existing UI behavior, as well as the behavior of the Listing and Products APIs. Instead of actual values, the pricing field will return null, ensuring pricing is hidden.
Impacted endpoint: Editions API (
/api/marketplace/v1/products/{applicationId}/editions/{editionId}
) -
Restriction of Integration URLs - to prevent unauthorized access to sensitive integration links, these URLs will now be visible only to users who are logged in. Anonymous requests to the following endpoint will no longer receive integration URLs in the response.
Impacted endpoint: Retrieve a product (
/api/marketplace/v1/products/{id}
)
Feature enablement
This feature is enabled by default.
Setting enablement
Enable Logged Out Pricing in Marketplace settings for pricing suppression. No other setting enablement is required.
Documentation
No documentation updates are required.
Was this page helpful?
Tell us more…
Help us improve our content. Responses are anonymous.
Thanks
We appreciate your feedback!