Thank you for the awesome feedback. It sounds like what you’re looking for is the ability to create API tokens that are specific to each board, not to each user, is that right?
At this time, API tokens are all personal tokens. This means they will include all of the permissions that the user who generated it has. If a user does not have access to a board, their API tokens also will not, etc. etc.
I can definitely forward this as feedback for our team’s consideration!
Great question. You don’t have to give your API token to this third-party programmer. What you can do is to create a new user profile for this programmer in your monday.com account, and only grant this user access to test workspaces/data.
This way, the programmer will not be able to access the data that he does not have access to in the monday.com UI via the API. Does this make sense? There won’t be any accidents this way.
Yes-- he will be able to generate an API token if he has a regular member user profile in your monday.com account.
This API token will have only the same scopes as his user account (of course making sure his user account only has access to the test workspaces and data).