I want to use Customuserinfo API for getting custom data of users. After testing it, I realized that any user can get custom data of other users by using Customuserinfo API. Is there any problem? I think it’s a security problem.
I try API in version 7.7.4 and 7.8.4.
Is there any way that users access only their information?
All users in Bonita organization have administrator profile and full access to all APIs (this make testing a lot easier). But of course in production it is highly recommended to give the minimal required access to users.
You can learn more about REST API security configuration in the dedicated documentation page.