Merge pull request #181 from ltran-mdb2/DOCSP-45119

ltran-mdb2 · web-flow · commit 2f5b3d3afce6 · 2024-11-14T09:40:19.000-05:00
DOCSP-45119-REST-API-security
diff --git a/source/api-docs.txt b/source/api-docs.txt
@@ -31,13 +31,21 @@ you access the application on (either ``8278``, ``8080``, or ``443``).
 How the REST API Works
 ----------------------
 
-The Relational Migrator REST API:
+The Relational Migrator REST API runs on the client computer or server
+that has Relational Migrator installed. By default, Relational Migrator
+does not expose the API to any remote computers. If you use the default
+security settings, you must make all calls to the API on the same
+computer that you are running Relational Migrator on. 
 
-- Runs on the client computer or server that the Relation Migrator 
-  application is installed on.
-- The Rest API is controlled by the host adapter binding.
-- The Relational Migrator REST API **does not** currently support 
-  authentication.
+If you want to remotely access the REST API, configure the
+``unattended`` profile by :ref:`installing Relational Migrator on an
+unattended server <unattended-server>`. 
+
+.. warning::
+
+   The REST API does not support authentication. If you enable remote
+   access, users do not need to authenticate to call the API which may
+   cause security vulnerabilities.
 
 When to Use REST API
 --------------------
