Does Salesforce REST API (not the Apex Rest API) inherently respect field level permissions while fetching data ?
Tried to find this in the SF documentation but no luck. Any help is highly appriciated
Does Salesforce REST API (not the Apex Rest API) inherently respect field level permissions while fetching data ?
Tried to find this in the SF documentation but no luck. Any help is highly appriciated
Best Answer
Invoking a custom Apex REST Web service method always uses system context. Consequently, the current user's credentials are not used, and any user who has access to these methods can use their full power, regardless of permissions, field-level security, or sharing rules. Developers who expose methods using the Apex REST annotations should therefore take care that they are not inadvertently exposing any sensitive data.
Reference from developer.salesforce.com