Execution permissions are not honored when invoking cloud function via REST API

A function is created with no execution access (please refer the screenshot)

When invoking the function from client SDK, it returns user not authorized as expected AppwriteException: user_unauthorized, No permissions provided for action 'execute' (401)

When invoking the function via REST API, it ignores the permissions and invokes the function

TypeScript

curl --location 'https://<masked>.appwrite.global/' \
--header 'Content-Type: application/json' \
--data '{}'
{"code":500,"type":"InternalServerError","message":"Internal Server Error"}

TL;DR

Execution permissions were not being honored when invoking a cloud function via REST API, even though permissions were set. The issue was fixed in version 1.5.x.

Is the error 500 is from your function?

It sounds like a different error.

What do you get when you going to your function in the browser? https://<masked>.appwrite.global/

Yes 500 is from my function as I'm passing empty payload.

If I do GET request or invoke in the browser, function is invoked and below error is returned from my function. Not sure why the function is invoked in the first place ignoring the permissions.

TypeScript

{"code":405,"type":"MethodNotAllowed","message":"Method Not Allowed"}

The permission type for direct URL was added in version 1.5.x

In version 1.4.x it will be possible to execute a function directly without any permission

As can bee seen here

Glad it was fixed in 1.5.x. Thanks for the clarification.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support