Rest API Bypassing My Privacy Rules

contatotrcsolutions · March 5, 2024, 1:23am

Hello everyone,

I’m currently working on exposing some of my data through a Rest API. When testing the API with Postman, I noticed that all the data of that specific type was exposed. I believe the privacy rules are set correctly, however, it seems they’re not being applied to the Rest API, and I’m at a loss on how to address this issue.

tylerboodman · March 5, 2024, 1:39am

An API key generated via the app settings is full Admin level access. I wish they would allow privacy rules per API key.

DjackLowCode · March 5, 2024, 2:11am

@tylerboodman is correct - your app’s API key provides full admin access.

You can set up a process to authenticate as a user to generate an API key that follows privacy rules:

Hope that helps

Topic		Replies	Views
How to use privacy rules when i am using API also? Please check description below APIs	3	877	January 18, 2023
Data API accessible APIs	5	83	January 23, 2025
Can i use privacy rules for Data API? APIs	1	425	December 10, 2022
DataAPI does not return data using api token APIs	1	266	April 19, 2024
API permissions according to API key - possible? Need help	3	195	November 20, 2023

Rest API Bypassing My Privacy Rules

Related topics