RESTful user and permissions on custom module

Off the top of my head I'd say the user needs to have read permission of the module(resource) you have created. If the module doesn't have that permission, then the user should be allowed to read it automatically.

Also: The user should be bound to the site the object is associated with. The user should have that permission for the site the object is associated with. If it's a global object, permission "globalread" applies if it exists. I'm not really sure how this works if you haven't specified a SiteID column in the TypeInfo of your class.

I'm not really sure about this and I might come back with a 100% answer a bit later. For the time being could you clear up some of the unknowns for me?

My module does have the "read" permission and the users role has that read permission checked. The module does have the site bound to it. There is no SiteID column defined in the TypeInfo definition. The user is bound to the site.

Hi Brenden,

Do any REST requests with the same basic authentication work for other, default system objects?

What settings do you have for authentication type in Settings -> Integration -> REST..., is it Forms or Basic auth? Perhaps a look into your class TYPEINFO might reveal something as well, could you optionally paste it here?

Thank you in advance for information.

Regards, Zdenek

I'm having sort of the same issue with a custom table. I can authenticate as the Global Administrator and get the cms.user/Administrator?format=json data back but when I try a custom table class, 403. Submitted a support request, we'll see if I've got something configured incorrectly.