I was going around in circles trying to figure out why an API, that runs without User input, could not update, or use, a User record.
After I removed the data role (User = Current User) from the User table, the API was able to use and update a User.
Is there a “System User” or something to allow the system to run APIs and update records?
Isn’t this what “ignore privacy rules when running workflow” is for? (Asking seriously, not facetiously.)
Isn’t this where you want to tick the box on the api to ignore privacy rules?
Jinx…
Jinx! Same message same time. You owe me a Coke.
LOLZ again! (Sorry @Kfawcett)
But seriously… This is what will behave like a system user. You just have to be careful with it especially if that end point is public.
Now which answer do I choose? 
Yep… gotta be real careful with that. (Even if the endpoint does enforce privacy rules there’s still small risks with public endpoints that don’t require authentication. Like the clicksend thing I described in a reply just before all this. That endpoint creates a thing in my database and there seems to be no facility for making Clicksend authenticate. So it’s possible that endpoint could be abused. Although, I can still think of ways to protect against that…)
WHY NOT BOTH? (oh, cuz you can’t)
(And BTW, here’s the inbound sms reply I mentioned: Text/SMS to create a thing - #2 by keith)
