API Token access permissions

Bernie_Janes · July 27, 2023, 1:21am

Hi

I am a little confused with how to restrict the access permissions of API tokens. For clarity I was hoping to be able to restrict specific tokens to apps or resources ideally matching the access permissions of the user that created them.

This would seem to be supported as the create token dialog states -

Personal access tokens carry the access permissions of the user who created the token. We recommend each user create their own.

However, only users within the admin group can create tokens and, by definition, admins have full access to all resources and apps. This seems to make a nonsense of the statement (above) shown on the create token dialog.

What am I missing?

thanks in advance

bernie

Kabirdas · August 16, 2023, 4:54am

Hey @Bernie_Janes! Thanks for surfacing this, the wording is a bit confusing there. Access for the tokens is only limited by the scope that's defined when they are created. That means that, right now, API access won't have granular permissions at the resource level.

I'm curious to hear more about your use case here how are you thinking to implement the API?

Topic		Replies	Views
New permission levels for Resources 📣 Retool Announcements environments	10	1529	October 9, 2024
Storing tokens in custom auth 💬 Queries and Resources	11	3493	June 26, 2023
How do you make the authentication of a resouce be applicable to other different resources? 💬 App Building	2	19	April 25, 2025
How to create External Users for External Apps? 💬 External Apps bug	17	1268	August 28, 2024
API OAuth in public app? 💬 App Building	6	1849	July 27, 2023

API Token access permissions

Related topics