Address Contact Detail Restriction
See the "User Access" chapter of the Security Guide for details of this type of access restriction. The HTTP API will only expose addresses to which the user has access to.
Concealing of Linked Resource
The HTTP API does not support this case. Addresses do not act as linked resources, they can only act as top-level or sub resources.
Inference Prevention
The HTTP Query API supports searching for persons or relations based on their address:
/[api-context-root]/generic/persons?q=addressList.houseNumber.eq(1)
When a restricted address would be used for finding the persons with house number 1 and a person would be returned, it can be inferred that the person has house number 1, although the address is not present in the returned resource representation.
Therefore, when searching for relations or persons based on address, only addresses a user has access to are used. The HTTP Query API will automatically add an additional filter when an address attribute is used as query condition.
This restriction does not apply when searching for relations or persons without any address search criteria.