API Security
Hi All, I'm working with a development team and want to limit their access to sensitive data within our application. The developer will require making extensive API calls. I'm aware that this le...
Forum Discussion
Hi Mark,
True. And that does make is seem like a good path to go down. My question is more to confirm this statement:
"If I give a developer access to an app, where they can create a user token, they can apply that user token only to apps which they have been given access to. Therefore, they will not be able to use any API method to access the other applications in our domain"
If the statement isn't true, is there another way to give a developer API access to one app, while restricting their access from any other apps on the domain.
Thanks,
Jake
------------------------------
Jake R
------------------------------
MarkShnier__You
Qrew Legend
Qrew LegendYes, when a user creates an app token, that app token becomes them, in terms of their permissions.
So if they were a viewer to an app, then anyone using their token would also just be a viewer, and if they had no access to an app then neither would their token. I have not tested if its possible to assign a User Token to an App where you have no access (ie I doubt that app would even come up on a list), but regardless if the userid does not have access to an app, then neither will be Token. And if the User later loses their access to an app, then so will their Token lose access.
------------------------------
Mark Shnier (YQC)
Quick Base Solution Provider
Your Quick Base Coach
http://QuickBaseCoach.com
mark.shnier@gmail.com
------------------------------
So if they were a viewer to an app, then anyone using their token would also just be a viewer, and if they had no access to an app then neither would their token. I have not tested if its possible to assign a User Token to an App where you have no access (ie I doubt that app would even come up on a list), but regardless if the userid does not have access to an app, then neither will be Token. And if the User later loses their access to an app, then so will their Token lose access.
------------------------------
Mark Shnier (YQC)
Quick Base Solution Provider
Your Quick Base Coach
http://QuickBaseCoach.com
mark.shnier@gmail.com
------------------------------
- Thanks Mark. You are correct that if there is no access to the an application it will not appear in the list. Appreciate the feedback. That makes me more confident about securing our apps with this method.
------------------------------
Jake R
------------------------------