I would like to be able to do more with the API than just searches, such as creating and updating people. Currently this is possible with the test token, but not an OAuth token.
A global permission level for the API would be enough, along with a flag on users to specify if they can OAuth and use the API's extended permissions. That way I could grant fine-grained permissions to the API, then give just a few users access to the API through OAuth. I would really like to stop using the test token because that's terrible security long-term.
Grigory,
You can limit access to staffers by toggling their permission set. If you navigate through the control panel to Settings > Permission sets > select the permission set you want to limit authentication for, and scroll to the bottom, you will see the option under API. Toggle this to 'no' and then assign that permission set to staffers you want to limit app authentication for.