Docs‎ > ‎API Creator‎ > ‎Security‎ > ‎


The server determines what authenticated API calls are authorized to do by looking at the roles assigned to the auth token. The following sections explain the basic facilities.

For more information:

Role-Based Access

For more information about role-based access, including how to define a role, define and reference a global, and define role permissions, see Roles.


Globals are variables that API Creator makes available to each transaction so that they can determine what data the user should have access to.

Auth token Globals

In most cases, your authentication provider makes the values of the auth token available as globals (e.g., LoginId), with the possible exception of the password. In addition, your authentication provider can return a set of global values.

Typical examples:
    • Scalar values such as UserName
    • Objects such as a database row (e.g., retrieved by LoginId)

Default Authentication Provider Globals

The Default Authentication Provider provides the following variables for an _apikey:
  • user_identifier - e.g, @{_apikey.user_identifier}

System Globals

API Creator predefines system globals, sets them for every transaction, and references the predicate:

Name Value Example
_apikey The auth token (_apikey) object currently in use. @{_apikey.project_ident}
_project The Project currently in use. @{}
_account The Account currently in use. @{}