Limiting users from accessing Zabbix API or disabling Zabbix API
I have created several users with group-level permissions on Zabbix. But how do I disable/limit them from accessing the Zabbix APIs?
Server version: 3.0.13
Wow, is there really not a separate permission system for API usage?
This could be a security issue - did you experience anything that users can do via the API that they are not allowed to do via the web frontend?
What else are your considerations for allowing users access to the web ui but not to the API?
In any case, please open a Ticket on that! Thanks!
Wow, is there really not a separate permission system for API usage?
Did you check what is possible to assign to an exact user? IMO not, because you would know that it is a separate permission to allow access to the API GW for an exact user.
Thanks all for the reply.
Requirement: Allowing API calls to only one / a limited number of users. Or disable the whole API access for users and ask them to use only the dashboard - read-only access. I can limit write permissions via groups, but even with read permissions, users can get
I feel there should be a way to block users from accessing the API.
I can also move the file jsonrpc, but that blocks scripts from accessing it.
In Zabbix >= 2.0 there is no separate permission allowing you to block access to the API GW. Before, there was (sometimes I forget that I have been using Zabbix for more than 12 years and in the meantime many things have changed).
The reason is very simple: the Zabbix web app is evolving in a direction where all operations internally go over the API GW, whose code is now part of the web frontend.
In other words, whoever has access to the web interface must have access to the API GW (by definition).
The API GW is more and more separated from the rest of the web frontend. At some point it should be possible to rewrite the API GW code to be a standalone (not web-based) application/service.
There is huge potential to decrease the number of DB queries, and by this speed up the Zabbix stack, by starting to cache data within the API GW.
I wrote about this a few years ago: it is possible to cache, for example, the data necessary to draw graphs by dropping the last points of the graph data series and adding on the front the data received from metrics. All without interaction with the DB backend.
Oh, my bad. I thought I explained it earlier, sorry for not putting it correctly.
I have these users, to whom I have given the web UI to see things, with what can be seen limited via hostGroups. Now, how do I limit them so that they cannot use the APIs? With this server version, the APIs can be accessed by folks with frontend access. Other than moving the file to some other name, is there any better way to do this? That is my ask.
So again: you cannot do this because of the internal architecture of the Zabbix web frontend.
A more important question is why you want to limit his access if over the web frontend (even if the API GW were not part of the web frontend) you can access exactly the same set of data and operations? Do you see the point? When someone authenticates to the API GW, that person's permissions to exact operations/data depend on the authenticated user/group.
Where is the real purpose of such privileges?
If you only want to limit the rate per second of queries to the API GW, you can do this at the web server layer.
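The rate limit at the web server layer mentioned in the last reply, as an added example that is not part of the original thread. It assumes nginx with PHP-FPM serving the frontend and that the API endpoint is the frontend's `api_jsonrpc.php`; the host name, paths, socket, zone name and rates are placeholders.

```nginx
# Added example, not from the thread. Assumes nginx + PHP-FPM.
# Place inside the http {} context (e.g. a file under conf.d/).

# One counter per client address, 5 requests per second (placeholder rate).
limit_req_zone $binary_remote_addr zone=zbx_api:10m rate=5r/s;

server {
    listen 80;
    server_name zabbix.example.com;        # placeholder host name
    root /usr/share/zabbix;                # placeholder frontend path
    index index.php;

    # Exact match on the JSON-RPC endpoint so that only API calls are
    # throttled; the rest of the frontend is handled by the block below.
    location = /api_jsonrpc.php {
        # Allow short bursts of 10 requests, reject the excess immediately.
        limit_req zone=zbx_api burst=10 nodelay;
        limit_req_status 429;              # answer "Too Many Requests"
        limit_req_log_level warn;          # rejected calls show up in error.log

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/zabbix.sock;   # placeholder socket
    }

    # All other frontend PHP pages, not rate limited.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/zabbix.sock;   # placeholder socket
    }
}
```

This throttles every client of the endpoint, scripts included, and does not change what an authenticated user is permitted to read; that is still decided by the user's group permissions.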