What permissions are needed to make API calls? Is everything allowed by Account Admin needed, or can we tailor a role?
The API token has the permissions of the user who owns the token. If that user has permissions to do something and there is an API call for it, then you're set.
All users, including students, can make API calls -- that's how the mobile apps work.
API tokens scoped to root admin accounts should be able to make any API call. They may need to masquerade as a different user, but they have the ability to masquerade.
Thanks James, succinct and to the point!