Service permissions when using controller mapping

Enonic version: 7.0.2
OS: Linux

I have create a service and mapped it’s controller in site.xml.
The service.xml looks like this:


The mapping looks the following:

<mapping controller="/services/service/service.js" order="10">

When I enter it via, everything works as expected.
However if I open it via, I can enter it even if I am an anonymous user.

A mapping, and a service are two different kinds of things, the mapping is pointing to the control ler, not the service - so it does not matter what you declare in the service definition

Also, calling a service “service” is most likely bad practice :wink:


Thanks for a reply.

What is the best practice to implement pages like “search”, “cart”, “checkout”, etc.?
Currently I used service, but the urls were not nice? Is it better to “beautify” url somehow or use some other stuff from XP?

Any reason why you need “Nice” URLs for this? We recommended building APIs with Graphql. If you need a nice endpoint, use mapping :slight_smile:

This is not an API. It is a page with a template, which can be seen by a user in a browser.
I used PayUp application as an example for this:

I will think a little bit more about how to make it better. :wink:
Thanks for advises. :slight_smile: