Remote Access Control
Manage access for all your state pages and API endpoints, including the additional controls (rate limiting and throttling) available for APIs, so that access rules are applied consistently across your system.
Basic Access Control Information
Our system includes an advanced access control mechanism called Scoping. This feature allows you to assign specific scopes to users, functioning as digital keys to access certain pages and APIs. Scoping ensures secure and controlled entry management. For a detailed tutorial on assigning scopes to users, refer to Giving Users a Scope.
When a state page is created without any assigned scopes, it is accessible to all users by default. This configuration is referred to as the *public scope, providing unrestricted access to the page.
To easily determine whether a page is public or private, you can check the scope menu button's icon without opening the menu:
- Open Lock Icon: Indicates that the page is public and accessible to all users.
- Closed Lock Icon: Indicates that the page is private and requires users to have the necessary scope for access.
The image below illustrates both scenarios for better understanding.
Scopes Management Modal
To manage scopes for a specific block, click on the lock icon associated with it. This will open the Scopes Management Modal, where you can perform the following actions:
- Select Additional Scopes: Choose existing scopes to grant users access to the block.
- Deselect Unnecessary Scopes: Remove scopes that are no longer required for access to that state page or API.
- Create a New Scope: If the required scope does not already exist, simply type the desired name into the search input. A green button will appear, allowing you to create the new scope instantly.
Default Scopes
When you create a new RUAL cluster, two default scopes are automatically generated:
Scope name | Description
---|---
*public | The default for all state pages and APIs. If no other scope is assigned to a state page or API, it automatically uses the *public scope and is accessible to everyone.
*loggedin | Optional and not selected by default. When applied, it restricts access to logged-in users only; unauthenticated users cannot view the page and are redirected to the forbidden access page (/403).
API-Specific Access Control
For API endpoints, in addition to the standard scoping system, RUAL core v13.0.7 introduced two further access control options:
API Rate Limiting
This feature allows you to add a rate limit to an API in just a few seconds. The rate limit settings modal includes an enable switch and three configurable fields:
Type
Select the key type that identifies the bucket the rate limit is counted against. There are four options available:
- URL: One limit for the entire API URL, shared across all methods and all users.
- URL + User: One limit per user for the entire API URL, shared across all methods.
- Method + URL: One limit per method on the API URL, shared across all users.
- Method + URL + User: One limit per method and per user on the API URL.
The wider the key, the more callers share a single budget: with URL alone, one caller can exhaust the limit for everyone, so the user-specific types are usually the safer choice for authenticated APIs.
Max Requests in Timeframe
Set the maximum number of requests the key can make within a specified timeframe using this input field.
Timeframe in Seconds
Define the duration of the timeframe in seconds using this input. For example, if the timeframe is set to 30 seconds and the max requests are set to 10, the key can make up to 10 requests within 30 seconds. Any additional requests during that timeframe will be blocked.
API Throttle
This feature enables you to add a throttle to an API in just a few seconds, effectively functioning as a lock-and-wait system. The throttle settings modal includes an enable switch and two configurable fields:
Type
Select the key type that identifies the bucket the throttle is applied to. There are four options available:
- URL: One throttle for the entire API URL, shared across all methods and all users.
- URL + User: One throttle per user for the entire API URL, shared across all methods.
- Method + URL: One throttle per method on the API URL, shared across all users.
- Method + URL + User: One throttle per method and per user on the API URL.
Timeout
Use this input to set the timeout duration for API requests. For instance, if the timeout is set to 10 seconds, the key will be allowed to make one request every 10 seconds.
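The following model replays the key types and the worked numbers from both the API Rate Limiting and API Throttle sections so their behaviour can be compared side by side. It is an added example, not RUAL code: it assumes fixed-window counting for the rate limit and a minimum spacing between requests for the throttle (the page does not say how RUAL implements either), and the URLs, user names and timestamps are constructed for the demonstration.

```python
"""Toy model of the rate-limit and throttle key types described above.

Added example, not RUAL code. It assumes fixed-window counting for the rate
limit and minimum spacing between requests for the throttle; the page does
not say how RUAL implements either. Timestamps are passed in explicitly so
the behaviour can be replayed deterministically.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple


class KeyType(Enum):
    """The four key types offered in the rate-limit and throttle modals."""
    URL = ("url",)
    URL_USER = ("url", "user")
    METHOD_URL = ("method", "url")
    METHOD_URL_USER = ("method", "url", "user")


def make_key(key_type: KeyType, method: str, url: str, user: Optional[str]) -> Tuple:
    """Build the bucket key from the fields the selected key type includes."""
    parts = {"method": method.upper(), "url": url, "user": user}
    return tuple(parts[name] for name in key_type.value)


@dataclass
class RateLimit:
    """Max Requests in Timeframe: a per-key budget that refills when the window ends."""
    key_type: KeyType
    max_requests: int
    timeframe: float  # seconds
    _windows: Dict[Tuple, Tuple[float, int]] = field(default_factory=dict)

    def allow(self, now: float, method: str, url: str, user: Optional[str] = None) -> bool:
        key = make_key(self.key_type, method, url, user)
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.timeframe:
            start, count = now, 0  # previous window expired, open a fresh one
        if count >= self.max_requests:
            return False  # budget spent; blocked until the window ends
        self._windows[key] = (start, count + 1)
        return True


@dataclass
class Throttle:
    """Timeout: at most one request per key every `timeout` seconds."""
    key_type: KeyType
    timeout: float  # seconds
    _last_seen: Dict[Tuple, float] = field(default_factory=dict)

    def allow(self, now: float, method: str, url: str, user: Optional[str] = None) -> bool:
        key = make_key(self.key_type, method, url, user)
        last = self._last_seen.get(key)
        if last is not None and now - last < self.timeout:
            return False  # still inside the lock period for this key
        self._last_seen[key] = now
        return True


def simulate_rate_limit() -> Dict[str, object]:
    """Replay the text's numbers (10 requests per 30 s) under two key types.

    Constructed traffic: user 'alice' sends 12 POSTs one second apart, then
    'bob' sends one POST, then alice sends a GET, then alice retries after
    the 30-second window has elapsed.
    """
    url = "/api/orders"
    results: Dict[str, object] = {}
    for label, key_type in (("url", KeyType.URL), ("method_url_user", KeyType.METHOD_URL_USER)):
        limiter = RateLimit(key_type, max_requests=10, timeframe=30)
        decisions = [limiter.allow(t, "POST", url, "alice") for t in range(12)]
        results[f"{label}_alice_allowed"] = decisions.count(True)
        # bob's first request shares alice's budget only when the key omits the user
        results[f"{label}_bob_first_allowed"] = limiter.allow(12, "POST", url, "bob")
        # a different method gets its own bucket only when the key includes the method
        results[f"{label}_alice_get_allowed"] = limiter.allow(13, "GET", url, "alice")
        # once 30 s have passed since the window opened, alice's budget is back
        results[f"{label}_alice_after_window"] = limiter.allow(31, "POST", url, "alice")
    return results


def simulate_throttle() -> list:
    """10-second timeout: one request per key every 10 seconds."""
    throttle = Throttle(KeyType.METHOD_URL_USER, timeout=10)
    return [throttle.allow(t, "POST", "/api/export", "alice") for t in (0, 5, 9.9, 10, 15, 20)]


if __name__ == "__main__":
    for name, value in simulate_rate_limit().items():
        print(f"{name}: {value}")
    print("throttle:", simulate_throttle())
```

Under the URL key type, alice's 12 requests use up the shared budget, so bob's first request and alice's GET are both blocked until the window ends; under Method + URL + User each of those lands in its own bucket and passes. The throttle model only returns the decision; the page describes the feature as lock-and-wait, so whether a blocked request is rejected or held until the timeout elapses is something to confirm in your own cluster. Likewise, the user-specific key types can only separate callers the platform can identify, so check how unauthenticated requests to a *public API are keyed before relying on a "+ User" type there.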