Summary:
The original behavior of the RepliConnect API was that the API operated in an admin context i.e., someone with RepliConnect API permission could see and operate on all data in the system. However, the permission had to be turned on explicitly by Replicon server team for the Web TimeSheet instance of customer. RepliConnect API is now enabled by default for all customers, with a new User level of security.
  • This means, to use RepliConnect, you'll need to provide an HTTP header named X-Replicon-Security-Context.
  • The header value you provide indicates the security context under which API requests will operate.
  • Unlike the Full security mode offered in previous versions of RepliConnect, user-level security checks user permissions.
  • This allows you to query data needed but does not allow you to create them.
  • That is, you can query on client and project data but cannot create them.
  • To be able to create them through the RepliConnect API, Replicon server team will need to enable the full RepliConnect API as before, and then a new permission  Can view all system data will become available which will then allow a user to operate in an admin context by omitting the X-Replicon-Security-Context: User header.
Legacy applications developed before the introduction of the X-Replicon-Security-Context header can operate without a security context, providing the Can view ALL system data API permission is enabled.
 
More Information:
Please use the following link for more information about RepliConnect API.