Hi James, what is the use case for this type of user?
Permissions for API user
Is there a minimum set of permissions/data access associated with API access for an integration user and is it different to what that user can see via the UI?
I am trying to create an integration user that only has access to a limited set of test data (using API keys for authentication) but when I test what projects this users can see via an API call and API key (data/entityQuery) they can see more projects than I see if I log in to the application as that user and search for all projects (we are using enhanced permissions).
I saw the recommendation that Integration users with API keys should have Admin Lite but assumed that was so various API operations would not fail unexpectedly due to lack of permissions. Seems odd that the Integration user would be able to access more data via the API than the UI
Please sign in to leave a comment.
The use case is to limit the data the API user can see using permissions (we are using enhanced permissions and user groups to manage who can see what). The plan was to do this both during development so the developers can only see test data in sandbox and in production as a secondary control on what data is made available by the API. The API user is being used as part of an API integration to send Clarizen data to our data lake for integrated reporting.
Could you please provide the body and the headers (excluding any keys) you're using to make the API call?
For a bunch of reasons i am having to use VBA to test this so tricky to reproduce the exact call but the code is below. The result of this was a list of projects including projects the API user did not have permissions to view in the UI
Dim objRequest As Object
Dim strUrl As String
Dim blnAsync As Boolean
Dim strResponse As StringSet objRequest = CreateObject("MSXML2.XMLHTTP")
strUrl = "https://apie.clarizentb.com/v2.0/services/data/entityQuery"
blnAsync = True
.Open "GET", strUrl, blnAsync
.setRequestHeader "Content-Type", "application/json"
.setRequestHeader "Authorization", "ApiKey XXXX-EnterKeyHere-XXXX"
.setRequestHeader "typeName", "Project"
.setRequestHeader "fields", "Name"
'spin wheels whilst waiting for response
While objRequest.readyState <> 4
strResponse = .responseText