Application Token Not Working?
Hey guys! My app has the "Require Application Tokens" field checked to true, however, I do not need an app token to use the QB API and pull data from it. I would really like to create a more secur...
Forum Discussion
I'm a goof, I just read this:
My question then is how do I stop my users from just making a User Token and getting access to the information I don't want them to have?
Normally, I would use roles. But I was steered away from doing that by a few QuickBase gurus. So I thought of hiding the table and blocking API access. But apparently that won't work either.
What other options do I have?
------------------------------
Sterling Long
------------------------------
- Authenticating with a user token: If you authenticate yourself to Quick Base with a user token, no application token is needed, even if one is assigned to the app you're accessing. The user token can be assigned to one or more apps, and provides built-in security that ticket authentication does not. However, user tokens are not allowed for all API calls.
My question then is how do I stop my users from just making a User Token and getting access to the information I don't want them to have?
Normally, I would use roles. But I was steered away from doing that by a few QuickBase gurus. So I thought of hiding the table and blocking API access. But apparently that won't work either.
What other options do I have?
------------------------------
Sterling Long
------------------------------
- MarkShnier__You
Qrew Legend
Role security is what you should be using. That is exactly how you control which records and fields a User has access to.
A User Token just is a secret code which when used in a API has the same permissions as the real User. So if a user creates a User Token and uses an API, then they still have the same access that they always did.
------------------------------
Mark Shnier (YQC)
Quick Base Solution Provider
Your Quick Base Coach
http://QuickBaseCoach.com
markshnier2@gmail.com
------------------------------
