Users and groups
Not all APIs are meant to be public; some require elevated privileges. By configuring users and groups, implementing fine-grained permissions for securing various components across the application becomes a breeze.
Martini's security model is composed of two units:
At minimum, a user consists of a username and a password. Users contain the credentials to be used when authenticating1 a particular invocation request.
Groups enable a convenient way of aggregating authorizations for similarly-privileged users.
In the next sections, the documentation describes how to manage users and groups and how are they used with various authentication schemes such as Basic or OAuth 2. The documentation also describes how to secure incoming invocation requests of Gloop APIs, and Groovy APIs.
The next chapter also shows request throttling and monetization with users and groups.
Although users are mainly used for authentication, they can be used as well for authorization, like groups. ↩