Setting user permissions for POST /activities

In creating a resource, one needs to check for the necessary permissions in the following ways:

Does the user have ability to view the resource?
Does the user have the ability to create the resource.

Thus, in order to create activities on an account, the user needs both of the following permissions:

The ability to view an activity.
The ability to create an activity.

It is possible to stipulate directly within the Swagger schema file that the user has the necessary system permission to create an activity resource.

Adding a user permission to the Swagger schema

Add the activity system permission directly in file activityAPI-1.0.swagger.yaml, underneath the POST entry, as shown.

/activities:
  post 
    summary: "Creates a new activity"  
    description: "Creates a new activity"  
    operationId: createActivity  
    x-gw-permissions:  
    - actcreate
    ...

Next steps

After adding the Swagger schema in Studio and updating the API handler file, do the following:

Recompile the PolicyCenter application
Restart the application server