Fred Martin

Hello,

I'm making this suggestion based on my earlier support request: https://invisioncommunity.com/forums/topic/465966-rest-api-limit-results

Could there be a built-in feature for the REST API, where you can attach a user group to an API key to limit which information it can POST or GET from an endpoint? For example, as it is now doing GET requests on /core/members/{id} endpoint will return all of the information of a user (including sensitive). I'd like to limit these requests to the most basic user group, so that only public information can be queried. This allows us to do some integration between our forum and wiki, using an extension to query forum data.

Or it might be easier to implement a system where we have an option to create an API key that can only access GET endpoints to publicly accessible information (i.e. what guests can see). That would be sufficient as well.

We hope this suggestion is taken into consideration.

All right. Wouldn't IPS clients benefit from a functionality where endpoints can be restricted via user group permissions? We're looking to use https://www.mediawiki.org/wiki/Extension:External_Data to get data from our IP forum, but obviously if we do it via REST API as it is currently, our wiki editors could query sensitive data.

Hello,

Is it possible to limit the results for GET requests on e.g. /core/members/{id} endpoint? We don't want details such as the email and IP addresses to be included in the json response.

Any reason why this isn't being added into the marketplace?