Forum Discussion

HershGupta
Qrew Member
2 years ago

Permissions for REST API

How do I allow non-Administrator roles to have access to my Quickbase application via the REST API? 

Currently, it looks like only Administrators have REST API access. 



------------------------------
Hersh Gupta
------------------------------
  • Is there a scenario where you're seeing that users cannot? The REST API requires a usertoken or a temptoken which may be a little more obscure to an everyday user, but there isn't anything specific about the REST API that would prohibit non-Admins from using it. 

    If you're trying to have non-Admins access your app via the REST API, they would need to use their own usertoken or set up a process to generate a temporary one via whatever process they're accessing your application.



    ------------------------------
    Chayce Duncan
    ------------------------------
  • To elaborate a bit on what @chayce mentioned, you may want to consider:

    • Create a new User specifically to leverage the API
    • Create a new Role with the appropriate API Access (Permissions)
    • Assign that new "API Role" to the "API User"
    • Create a new User Token for the API User

    The first three points are optional, but I've found that it helps to isolate API Permissions for troubleshooting and maintenance. It may also help future-proof your app a bit, so that shared Permissions aren't changed, which could inadvertently impact API calls.

    For the latter, you may need to log in to your Quickbase Admin Console, click Permission in the left sidebar, and enable User Tokens for the specific User. Instead of selecting "All Users," I'd suggest Specific Users for tighter security … but, I suppose that depends on your app and biz use case! See screenshot.

    Hopefully that helps!



    ------------------------------
    Brian Seymour
    ------------------------------