New feature alert: Restricted API tokens

Hey everyone!

Today I’m happy to announce that we’ve launched a new API feature: restricted API tokens.

Up until now, API tokens could be used to do anything your account can do with the API. With restricted tokens, you can create API tokens that only allow access to certain actions on certain objects.

Restricted tokens can help you secure your API access because disclosure of a restricted token does not allow access to the entire account, so it’s safer to share with other people or put into automated processes.

Here’s an example of how to create one.

You can restrict tokens to operate on a document, table, or view. And you can restrict a token to allow read access only, write access only, or read/write access. And, like all API tokens, you can revoke them, which eliminates all access using that token.

For more information about this feature, documentation is available on our API page: https://coda.io/developers/apis/v1beta1#section/Authentication

Please reach out with feedback, questions, and bugs.

Thanks,
alex

10 Likes

Dang! That’s really smart. You guys are brilliant.

@alexdeneui I am in the process of creating several docs that are primarily populated by cross-docs from other docs. I had a co-worker help create about 30 student docs that are based upon a template. I didn’t realize that the cross-doc tables I wanted to stay synced were broken when he made the copies. It has been a tedious process tracking down all those table URLs and re-syncing them. So I have been just making an unrestricted API token for each one of those, and it syncs fine for all the broken cross-docs. Does this unrestricted API token allow anyone to access it, or only those with admin access to the doc? Just wondering if I am going to need to commit the 10 hours or so to re-connect all the cross-doc tables or if the general token should suffice.

The entire reason for creating these cross docs is to prevent them from accessing any unwanted information from the source docs.