Each API request is restricted to the Space that indicated by the path parameter in the URL. In other words, responses will only contain results for items that are associated to the Space that is being accessed. Security policies are also evaluated to ensure only items the user has access to are returned in the response.
If an API request was sent to get a list of Kapps, only Kapps associated to the Space that the current user has access to will be returned. The response will not contain any Kapps associated to a different Space in the system, and it will not contain any Kapps that the user does not have access to.
Every API request requires user authentication. If an authenticated session has already been established, then the user identity held in the session will be used. Otherwise a Basic Authentication header can be included with the request, supplying the token associated to the username and password for the Space user.
See the Authentication guide for more information.
Note that the Kinetic Task handlers for Kinetic Request CE use the API and need to authenticate, so those can provide a working sample.
All responses will be returned using the JSON format.