function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Rafi Bin-NunRafi Bin-Nun 

Record Level API Access Control

We only want to expose a subset of an object’s records via API, is this possible? If so, how?
Carolina Ruiz MedinaCarolina Ruiz Medina
Hi Rafi Bin-Nun,

Sorry, I'm not quite sure what are you trying to do, but may be these links with specific info about the different ways of sharing and expose data can help you in order to take a decision on how to share/expose the records and objects thorugh API or within your organization. (

Said that and re-reading your question: expose a subset of records via API: 
I think , with in the link , you will find that Sharing Rules could be your closer option, however if you don't want to use the ownership in order to expose / share the records your solution would be to implement and Apex API to manage what exactly you would like to expose and share to others. 

Hopefully the info helps a little bit. :)

Rafi Bin-NunRafi Bin-Nun
Thanks Carolina, This is very helpful.
The Apex API route would be ideal. Is there a way to restrict REST access to a particular Apex class? We created an Apex REST class (which exposed exactly what we wanted), but once that’s permissioned how do we prevent the user from issuing direct REST calls and querying the object directly?
Rafi Bin-NunRafi Bin-Nun
This can be done by restricting the user/profile to API Only and only permissioning them for a specific connected apps and Apex REST classes.