Security Rules


Security Rules is a Catalyst Serverless component that enables you to define the invocation and access rules of your Catalyst Basic I/O and Advanced I/O functions. The Security Rules feature is essentially a JSON file that allows you to configure the following properties of a function:

  • The HTTP methods that can be used to access the function
  • Whether authentication is required or optional to access the function

Note:

  • Security rules do not define configurations for Cron and Event functions as they cannot be directly executed by end users.
  • The configuration parameters in security rules are the same for all Java, Node.js and Python functions.

Security Rules is a basic API management tool that is considered to be the default security configuration of a function. When you create a Basic I/O or an Advanced I/O function in the Catalyst console or deploy a function from the CLI to the remote console, the security rules definitions are created for it automatically in the console. Catalyst populates default values for the security rules definitions of the function. You can later modify them according to your requirements.

For advanced API management, you can disable Security Rules and enable API Gateway for your function and web client endpoints. API Gateway is an enhancement to Security Rules that acts as a single entryway to access Catalyst functions and web clients.

Points to remember:

  • When you enable API Gateway for your Catalyst application, Security Rules will be disabled automatically.
  • You can migrate Security Rules definitions of your functions to API Gateway.
  • When API Gateway is disabled, the configurations defined for a function in Security Rules will be followed by default.

Last Updated 2023-08-18 18:27:19 +0530