There are two ways to access the Endevor API:1) Your program resides in an authorized API library - in this instance the JCL executes the NDVRC1 program sending your API program as a parameter as noted below. As this method allows all Endevor functions, it makes sense that only the Endevor admin can execute this. //STEP1 EXEC PGM=NDVRC1,PARM='TESTAPI1,DATA1,DATA2 2) Your program is a non-authorized program and can therefore be in any library - in this instance the JCL executes your API program directly as noted below. As this method only allows "display" access using the API, you would think that anyone could access this functionality that has read access to the Endevor libraries. However, when the API is invoked, Endevor performs a verify on the MCF. This requires CONTROL access be given to all who wish to execute the API. //STEP1 EXEC PGM=myapipgm,PARM='TESTAPI1,DATA1,DATA2 I would like to use only the second method and allow developers access to the API. However, I do not want to grant CONTOL access to all developers because this is a security risk. Currently, after each compile during development, we need to request the Endevor admin execute the program. Not optimal for development. For adhoc development execution, we either can request the Endevor admin execute the program or make it a production job and have scheduling execute it via zeke. It would be nice if a developer could develop and execute a "list api" without having upgraded security access. Does anyone have a workaround to this?