I was wondering if it’s possible to generate tokens with reduced rights, e.g. a “read-only” API token.
I ask because I wrote a script that reads a Dynalist doc and emails me a list of items due today. I have that script running nightly on a cloud node. Of course, the script needs my API token in order to read the docs. It would be nice to be able to provide it with a ‘read-only’ token so that if the server were compromised less data were at risk.
Yeah right now the system isn’t built to support access levels sadly. It’s built based on the session system that can only check if you’re logged in to the correct user.
I’ve definitely heard this more than once, so we should probably give a new look at the api token and see if we can give some permission control.