Create a web service

You can create a web service, using Sitefinity CMS backend UI. 
To do this, perform the following:

A single route may have one or more services. A service is a group of exposed types.
To create a web service, perform the following: 

1. In Sitefinity CMS backend, navigate to Administration » Web services.
2. Click Create a web service.
3. Enter a name for the web service.
   The Name property is the user-friendly name of the service.
4. Define the URL via which the service will be accessible.
   Sitefinity CMS creates an auto-generated URL, based on the route URL and the name of the service.
   To change it, under URL name, click Change and enter a new URL. This way, you change property UrlName, which is the second segment in the URL that is used to build the full URL. 
   
   You can change the the first segment through the Advanced settings. For more information, see Web service route.

To define the access permission for the service, perform the following:

1. Under Who can access the content by this service?, select one of the following:
   • Everyone
     By selecting this option, you set the Access property to Anonymous.
     This option gives permissions to anonymous and authenticated users to read the content defined by the web service and also gives permissions to authenticated users to modify the content (perform CRUD operations), based on their roles and permissions, defined in Sitefinity.
   • Authenticated users
     This is the default value. By selecting this option, you set the Access property to Authenticated. 
     This option restricts anonymous users from either reading or modifying the content provided by the web service. Anonymous users will receive a 401 Unauthorized status code. Only authenticated users are allowed to view and modify the content (perform CRUD operations), based on their roles and permissions, defined in Sitefinity CMS. Authenticated users who do not have permission to manipulate data will receive a 403 Forbidden status code.
   • Administrators only
     By selecting this option, you set the Access property to Admin.
     This option allows only admin users to access the service and perform CRUD operations with the data. Authenticated users will receive a 403 Forbidden status code and anonymous users will receive a 401 Unauthorized status code.
2. To restrict the user access by the domain, which the users belong to, select Allow users from specific domains only. 
   This checkbox sets the AccessControlAllowOrigin (CORS) property, also known as the CORS policy. By default, CORS is enabled and using this setting.
   Enter one of the following:
   • Enter the comma separated list of allowed domains, one per line.
   • Enter *
     Every request from every domain will be allowed. We do not recommend this, because there may be malicious users who would try to exploit the service. We recommend to specify only domains that are trusted.
   • Leave the box empty.
     If you do not select the checkbox or leave the list empty, then the CORS policy will fallback to the AccessControlAllowOrigin setting in the SecurityConfig.config file. If that setting in the SecurityConfig.config file is empty, then requests only from the same domain are allowed.

Each service may have one or more types. You cannot add one and the same type twice in a service.
To configure the types that are exposed by the service, perform the following

1. Select the content types that will be included in the web service.
   1. Under This service provides access to..., click Change.
   2. Select one of the following:
      • All content types
        All supported content types will be included.

        NOTE: By selecting all types, you are setting the AutoGeneration property of the service to true. It controls how the types to the service are added. If it is set to true, the types of the service will be automatically populated from OOB Sitefinity CMS recommended types and their properties.
        This means that every newly added or removed custom field or dynamic type will be automatically added or removed from this collection. The changes to the configuration are reflected immediately after a save action occurs. An exception is the navigation property for comments, whose AutoGeneration mode depends on the configuration in the Comments module. A change to the comments settings require an application restart.
        You can turn off auto-generation from the Advanced configuration of types.

      • Selected content types…
        A list of all supported content types appears where you select the content types that you want to be included in the service.

        NOTE: By excluding some types, you are setting the AutoGeneration property to false. This means that changes to the custom fields and the dynamic modules will not be automatically reflected in the service. You have to manually maintain the collection of types.

   3. Click Done.
2. If you want to change the auto-generated URL of the type, click the URL of the type and enter the new one.
   This way, you set the UrlName property of the type, which is the third segment in the URL that is used to build up the full URL. This property is unique per service.
3. If you want to set individual access level for a content type that is different that the access level, you set for the entire web service, click Advanced.
   In the ACCESS dropdown box, select the desired access level for each individual content type.
4. The web service is deactivated by default, if you want to activate it, select This service is active.
5. Click Create this service.

In the advanced settings of the service, you can configure more settings, such as modifying the fields and the field properties of a type, configuring semantic queries, setting the lifecycle status of content items that are included in the service, adding and removing custom types from the service.
For more information, see Advanced configuration of types.