Fred Martin Posted March 5, 2022 Posted March 5, 2022 Hello, I'm making this suggestion based on my earlier support request: https://invisioncommunity.com/forums/topic/465966-rest-api-limit-results Could there be a built-in feature for the REST API, where you can attach a user group to an API key to limit which information it can POST or GET from an endpoint? For example, as it is now doing GET requests on /core/members/{id} endpoint will return all of the information of a user (including sensitive). I'd like to limit these requests to the most basic user group, so that only public information can be queried. This allows us to do some integration between our forum and wiki, using an extension to query forum data. Or it might be easier to implement a system where we have an option to create an API key that can only access GET endpoints to publicly accessible information (i.e. what guests can see). That would be sufficient as well. We hope this suggestion is taken into consideration.
Recommended Posts