Execution permissions are not honored when invoking cloud function via REST API

A function is created with no execution access (please refer the screenshot)

When invoking the function from client SDK, it returns user not authorized as expected AppwriteException: user_unauthorized, No permissions provided for action 'execute' (401)

When invoking the function via REST API, it ignores the permissions and invokes the function

curl --location 'https://<masked>.appwrite.global/' \
--header 'Content-Type: application/json' \
--data '{}'
{"code":500,"type":"InternalServerError","message":"Internal Server Error"}

Is the error 500 is from your function?

It sounds like a different error.

What do you get when you going to your function in the browser? https://<masked>.appwrite.global/

Yes 500 is from my function as I'm passing empty payload.

If I do GET request or invoke in the browser, function is invoked and below error is returned from my function. Not sure why the function is invoked in the first place ignoring the permissions.

{"code":405,"type":"MethodNotAllowed","message":"Method Not Allowed"}

The permission type for direct URL was added in version 1.5.x

In version 1.4.x it will be possible to execute a function directly without any permission

As can bee seen here

Glad it was fixed in 1.5.x. Thanks for the clarification.