Perform entity validation for POST API in Mendix

I use Mendix to handle backend of my project. I have published Rest APIs for all entities. I have set some validations as well i.e. 'Email must be unique', 'User name is required' etc. If I add duplicate email address then it throws response like 'You are not allowed to access this resource' with status code 403 - Forbidden. So I'm not sure where all validations being checked before execution of post microflow. Kindly let me know the process and how can I handle server side validations which I have set in entities. Let me know if any further information required.   User entity has validation for email as it must be unique.
2 answers
  1. Does the user have access to the microflow executing the POST action?
  2. Does the user have access to the entity/members mapped
  3. Where does the POST call take place in the process?

Validations at domain model level are validate at insert or update at database level. so if your data which you POST originate from the database, its validated. If it is entered by a user, but didn't hit the database, no validation has taken place. In these scenarios you should validate in the microflow before POST activity 


Sounds like access rights are not set up correctly in the domain model.