API - dedicated API token per board and per permission


Would be great if Monday lets us generate new API token for desired boards as well as lets us to set permission (readonly+ or full CRUD operations.)

This is great in terms of API token leaks due to insecure coding practices or web server compromise or any other reasons.

Thank you.

Hi @awesome.dan!

Thank you for the awesome feedback. It sounds like what you’re looking for is the ability to create API tokens that are specific to each board, not to each user, is that right?

At this time, API tokens are all personal tokens. This means they will include all of the permissions that the user who generated it has. If a user does not have access to a board, their API tokens also will not, etc. etc.

I can definitely forward this as feedback for our team’s consideration!

1 Like

Hi, im admin for my company. No coding knowledge. So i have two questions:

  1. as i understand, i need to give my unique token to my third party programmer, and as i see he could accidentally do what kind of things?

  2. there is any way to give only access to the boards that i need to interact with trough the API?

Hi @hlopezvc,

Great question. You don’t have to give your API token to this third-party programmer. What you can do is to create a new user profile for this programmer in your monday.com account, and only grant this user access to test workspaces/data.

This way, the programmer will not be able to access the data that he does not have access to in the monday.com UI via the API. Does this make sense? There won’t be any accidents this way.

Ok thanks Helen, but having access to test workspaces/data, how he will run some code to interact with monday… doesnt he need the api token anyway???

Hi @hlopezvc,

Yes-- he will be able to generate an API token if he has a regular member user profile in your monday.com account.

This API token will have only the same scopes as his user account (of course making sure his user account only has access to the test workspaces and data).