Controlling Access to the Administrator API
The Administrator API provides two levels of permissions:
Administrators, that is, members of the Administrators group, who have full access to the Administrator API. Users who belong to the Administrators group may perform all CRUD operations and administrative actions.
Read-only administrators, who may only issue GET requests.
If a read-only administrator uses any other HTTP method in the Administrator API, the server rejects the request with a 403 status code. Read-only administrators belong to a user group that is assigned to the watt.adminapi.group.readOnly server configuration parameter.
Note: If a client who is not an administrator or a read-only administrator issues an Administrator API request, the server rejects the request with a 403 status code.
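An offline review of who holds which level of access under the rules above, as an added example that is not part of the product documentation. The user-to-group data, the group name AdminReadOnly and the function names are constructed for illustration; treating a member of both groups as a full administrator, and an empty parameter value as "no read-only group", are assumptions, since the text above does not state either.

```python
# Added example: offline model of the access rules described above.
ADMIN_GROUP = "Administrators"
LEVELS = ("full", "read-only", "none")

def access_level(groups, read_only_group):
    """Return the Administrator API access level for a set of group names."""
    if ADMIN_GROUP in groups:
        # Assumption: Administrators membership wins if a user is in both groups.
        return "full"
    # Assumption: an empty parameter value means no read-only group is assigned.
    if read_only_group and read_only_group in groups:
        return "read-only"
    return "none"

def is_rejected(groups, method, read_only_group):
    """True when the rules above say the server answers with a 403."""
    level = access_level(groups, read_only_group)
    if level == "full":
        return False
    if level == "read-only":
        return method.upper() != "GET"
    return True

def audit(users, read_only_group):
    """Group users by access level; flag members of both groups for review."""
    report = {level: [] for level in LEVELS}
    report["review"] = []
    for name, groups in sorted(users.items()):
        report[access_level(groups, read_only_group)].append(name)
        if read_only_group and {ADMIN_GROUP, read_only_group} <= set(groups):
            report["review"].append(name)
    return report

# Constructed sample data: user -> groups, plus a hypothetical value of
# watt.adminapi.group.readOnly.
READ_ONLY_GROUP = "AdminReadOnly"
USERS = {
    "alice": {"Administrators"},
    "bob": {"AdminReadOnly", "Developers"},
    "carol": {"Developers"},
    "dave": {"Administrators", "AdminReadOnly"},
}

if __name__ == "__main__":
    for key, names in audit(USERS, READ_ONLY_GROUP).items():
        print(f"{key:9} {', '.join(names) or '-'}")
    for method in ("GET", "POST", "DELETE"):
        rejected = is_rejected(USERS["bob"], method, READ_ONLY_GROUP)
        print(method, "bob ->", 403 if rejected else "allowed")
```

The "review" list is the part worth acting on: a user in both groups is probably meant to be read-only but holds full access if Administrators membership takes precedence.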