Simplify your stack and build anything. Or everything.

Schedule a Demo

USE CASES

Headless CMS Enterprise App Builder Headless E-Commerce Digital Asset Management

FEATURES

Multi-Tenancy White Label Localization Access Control Auth

CASE STUDIES

See what others are building with Payload.

Browse Case Studies

Build tomorrow’s web with a modern solution you truly own.

PAYLOAD IS FOR

Developers Marketing teams Enterprise companies Agencies & Consultancies

COMPARE PAYLOAD

Payload vs WordPress Payload vs Contentful Payload vs Sanity Payload vs Strapi Payload vs Directus

AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a Partner Find a Partner

Code-based nature means you can build on top of it to power anything.

Resources

Documentation Examples Templates GitHub Releases Blog Guides & Tutorials

Community

Roadmap Discord Community Help

Resources for Developers

Get the resources you need to start building today

Guides & Tutorials Explore Docs

It’s time to take back your content infrastructure.

Schedule a Demo

Enterprise Features

SSO AI Auto-Embedding Publishing Workflows Visual Editor Static A/B testing AI features

Customer Stories

Microsoft ASICS Blue Origin Hello Bello Tekton

Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study Browse all

Login Get Started

Limit the REST api to certain authed collections

mosattler2 years ago

2

Hi!

I have two collections that have auth activated:

- staff (admin user)

- users

The staff can log into the admin interface, users can only login to the app.

Since my app is SSR, I am using the local API for the app, and the REST Api is only used by staff users (through the admin interface).

I was wondering if there is a way on how I could deactivate the REST api for my

user

collection. This would greatly streamline access control for me.

paulpopus2 years ago
Hmm not aware of anything specific for global control, does an express app-level middleware function work?

https://expressjs.com/en/guide/using-middleware.html
https://payloadcms.com/docs/authentication/using-middleware

I havent tried this

I don't think this part of the config is exposed to us yet
https://payloadcms.com/docs/access-control/overview#default-settings
mosattler2 years ago
The middleware could do the trick - thank you!

Continue the discussion in Discord

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.