Community

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
John_Lowe
Community Champion
‎05-01-2015 11:28 AM

Read-only data access tokens?

Jump to solution

Is there such a thing as a read-only Data Access Token?  For instance, can a token be generated that allows any GET requests but denies any POST requests?

Labels (1)
Labels
Reply
1 Solution

Accepted Solutions
karl
Instructure
Instructure
‎05-01-2015 02:27 PM

Jump to solution

John, technically no, but API tokens are scoped to have the same permissions as the user does in Canvas. It is possible to restrict access by creating a custom role with specific permissions then attaching a user to the role and issuing the API token for that user. It's not ideal and token scoping is something we have discussed and plan to develop more around in the future.

View solution in original post

Reply
2 Replies
scottdennis
Community Team
Community Team
‎05-01-2015 11:34 AM

Jump to solution

Hey John,

Great question!

I'm going to go ahead and move this over to Canvas Developers​ where you are more likely to get responses.

Cheers

Reply Accept as Solution
karl
Instructure
Instructure
‎05-01-2015 02:27 PM

Jump to solution

John, technically no, but API tokens are scoped to have the same permissions as the user does in Canvas. It is possible to restrict access by creating a custom role with specific permissions then attaching a user to the role and issuing the API token for that user. It's not ideal and token scoping is something we have discussed and plan to develop more around in the future.

Reply