Hello,

I'd like to make my Workflow REST API open to the internet.

I have two scenarios:

1. A limited list of a clients, using a client-side certificate to authenticate and secure.

2. A virtually public access using Anonymous Authntication but implementing an "API Key" to ensure I control who has access to POST.

3. Other options?

On option 2, I think it would be handy to block GET commands. How would do this? Is it possible to set up two end points: GET requires Windows Authentication and POST requires Anonymous? Or that GET only works from designated addresses?

I think I can't block GET altogether because it's used by other Laserfiche services.

-Ben