The Coda API key one provides to Zapiers to setup a Zap neesd to have no restrictions in order to list documents and tables for setup stage (you can’t skip this or provide them as simple strings). This is far from optimal from a principle of least privilege mindset.
Please find a way to handle this, possible solutions:
- Allow one to edit the restrictions after creation - i.e. I could create an api key that has full permission and then one the Zap setup is done I can reduce the permissions (still a small risk if we don’t trust Zapier in that point in the time)
- Add a listing permission that is configurable in addition to document restriction
- Work with your Zapier contact to allow one to specify document name by textbox rather than autofill dropdown
Look forward to a fix. Thanks