Core Docs - Supporting Rock - Secure the API

Rock Version: v19.0
Last Modified: 2026-04-07 8:27 AM

Your Rock database holds sensitive information. In Rock, sensitivity equals security. Here's how to secure your REST API endpoints.

See the Rest Controllers settings at Admin Tools > Settings > Security > REST Controllers. Select ti ti-lock to configure the settings.

You will notice that a different settings page pops up depending on whether you are securing a v1 or v2 API controller.

v1 API

v2 API

Understanding v2 API Controller Security

By default, the v2 API Controllers are locked down for all users. That’s intentional, we wanted to start with strong security so you have full control over who gets access to your data. Before you open things up, it’s important to understand what each permission does: