Register for InstructureCon25 • Passes include access to all sessions, the expo hall, entertainment and networking events, meals, and extraterrestrial encounters.
Found this content helpful? Log in or sign up to leave a like!
Is there such a thing as a read-only Data Access Token? For instance, can a token be generated that allows any GET requests but denies any POST requests?
Solved! Go to Solution.
John, technically no, but API tokens are scoped to have the same permissions as the user does in Canvas. It is possible to restrict access by creating a custom role with specific permissions then attaching a user to the role and issuing the API token for that user. It's not ideal and token scoping is something we have discussed and plan to develop more around in the future.
Hey John,
Great question!
I'm going to go ahead and move this over to Canvas Developers where you are more likely to get responses.
Cheers
John, technically no, but API tokens are scoped to have the same permissions as the user does in Canvas. It is possible to restrict access by creating a custom role with specific permissions then attaching a user to the role and issuing the API token for that user. It's not ideal and token scoping is something we have discussed and plan to develop more around in the future.
To interact with Panda Bot in the Instructure Community, you need to sign up or log in:
Sign In