The latest version of NATS includes an updated permissions system for both the SOAP and REST versions of the NATS API. These settings allow precise control over whether a function or resource is available on a particular account. With this, program owners can set up accounts that have access only to the data and functionality that pertain to their task.
In the Affiliates Admin, you can set up the permissions of the SOAP API functions using the "Change SOAP API Permissions" action icon next to the Account in question. Within this page, SOAP API functions are sorted into either an "Allowed" or a "Disabled" list. Much like Allowed/Disabled Affiliates in Programs, you can move any of the available functions from one column to the other using the checkbox next to the function and the associated button at the bottom of the list. You can also check all functions, check none, or invert the current selection using the links next to the Enable/Disable button.
For REST API Permissions, click on the "Change REST API Permissions" icon next to the Account in question. Within this page, you have the option to set whether a Collection, Method, Resource, or any of the combinations available is "Enabled" for this particular account. Since the REST API system is separated by Collections and Methods, you can control specifically what the account will have access to. For example, if you want to give an account access to all Adtool resources, but nothing else, enable the permission just for Collection: adtool, Method: Any, and Resource: Any.
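
The following is an added example, not NATS code: a small model for reviewing an account's REST permissions against the calls its task actually needs. It assumes the behaviour implied above (only "Enabled" combinations are granted, and "Any" matches every value); the "member" collection, the resource names and the HTTP method names are hypothetical placeholders.

```python
from typing import NamedTuple

ANY = "Any"  # wildcard label used on the REST permissions page


class Rule(NamedTuple):
    collection: str
    method: str
    resource: str


def _field_matches(rule_value: str, request_value: str) -> bool:
    # Case-insensitive comparison is an assumption of this model.
    return rule_value == ANY or rule_value.lower() == request_value.lower()


def matches(rule: Rule, request: Rule) -> bool:
    return all(_field_matches(r, q) for r, q in zip(rule, request))


def is_allowed(enabled: list[Rule], request: Rule) -> bool:
    """Default deny: a request passes only if some enabled rule covers it."""
    return any(matches(rule, request) for rule in enabled)


def review(enabled: list[Rule], needed: list[Rule]) -> dict[str, list[Rule]]:
    """Compare an account's enabled rules with the calls its task needs."""
    return {
        # Needed calls that no enabled rule covers (the integration would fail).
        "uncovered": [q for q in needed if not is_allowed(enabled, q)],
        # Enabled rules that cover no needed call (candidates to disable).
        "unused": [r for r in enabled if not any(matches(r, q) for q in needed)],
    }


# Constructed sample data: "adtool" is from the text above; the "member"
# collection and all resource names are hypothetical placeholders.
ENABLED = [Rule("adtool", ANY, ANY), Rule("member", "GET", ANY)]
NEEDED = [Rule("adtool", "GET", "example_resource"),
          Rule("adtool", "POST", "example_resource")]

if __name__ == "__main__":
    print(is_allowed(ENABLED, Rule("adtool", "GET", "example_resource")))
    print(review(ENABLED, NEEDED))
```
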
In addition to these per-account API permission settings, you can turn these API systems on or off globally using the ENABLE_SOAP_API and ENABLE_REST_API configuration options found in the Configuration Admin under the "Security" section. For more details on our SOAP and REST API systems, please visit our documentation for SOAP and REST. We also have documentation on best practices for the NATS API.