As a project manager I share multiple boards with my client (as “Guest”), and also have multiple boards with internal only information. The majority of these are not private boards as we try to make information as accessible as possible across our teams.
One of my clients would like to access the Monday API to leverage this data in their reporting dashboard, however as a guest they are unable to do so. I can’t make them a viewer as then they can view sensitive internal content, an it’s not practical to make all our boards private.
Is there any other way my client can generate an API token as a guest?
Thanks for reaching out to the community and starting the conversation here. To be transparent with you, I can only confirm your initial hunch here that this would be an API feature request - it is currently not possible to create an API token for Guest-users only, and I’m afraid the only way to set this up would be making them a member.
I can definitely see how that wouldn’t quite work out in your specific workflow, so I’ve passed this on as a feature request to the team directly. Thanks for helping us make the monday.com API better
I have a similar/same question/issue. If we give our API Key to a customer then do they have access to all boards? Is there anyway to restrict access to only a single board? Our customer would like to place orders to a board that we have created for them, also receive status updates, we did set up a Monday.com form for submissions but they want to integrate with their system.
If it is not possible are there any workarounds other that giving them guest access to the board?
I don’t know how this worked a year ago. But as of today, one workaround for guest API keys/tokens is to make them a full member, get the key/token, then change them back to a guest. The token will work, granting the same access the user CURRENTLY has at a given moment.
Thanks for the info! I am not that knowledgeable about the API Key, to clarify…
Create account for customer. The customers IT person would use this account for integrations.
Customer account needs to be a member account.
Set customer account as Admin (to get the API key).
While logged in as customer retrieve the API key.
Set customer account to Guest.
Give the API key to the customer.
Then via the API key given to the customer (while they were an Admin), the customer would only have access to the board they were subscribed to when the API key was retrieved. All other boards would not be accessible, especially since they are no longer an Admin, which in theory prohibits them from accessing other boards.
I am assuming the way to test this would be to complete the above then use Zapier/Integromat and API given to the customer to check accessibility?
First, there is no need to set the customer user to admin. Standard (non-admin) member users can access their API token.
Second, the access that they have while a member (which would be ALL “main” boards and any boards that they are a member of) has no bearing on the access that they have once changed to guest. The API token will have the same access as the user currently has at the moment the token is used.
I experimented and correct, as a guest they can only access the board they are subscribed to.
As a member they could access all main boards, subscribed boards, and board templates,
board templates could not be set to shareable/private.
a. Still having an issue, but the columns were set to Restrict Column Edit, I removed the
restriction and have asked them try again.
I am not 100%, but I believe they use Netsuite and want to send orders directly from their system to our board for their orders. The data they are sending is Name, Email, PO File (PDF), and Order Comments. We initially gave them a form for submissions, but they prefer to send orders directly from their system to the board.
The “Restrict Column Edit” option was their issue with access earlier; the columns were restricted because we were anticipating form submissions.
They have successfully created an order (Name, Email, and Order Comments) but were unsuccessful in uploading the file; they will test running two operations rather than one; if that works, the first goal should be achieved.
The most important thing is that they are restricted as a guest and cannot see any main type boards and are restricted to only the board that they are subscribed to.
Sounds like you are dealing with just 1 customer in this situation. Which, not that it matters, make me feel better about it.
If you have any interest, we just release to beta, our new app “Bridges”. It contains a feature, “EZ Integrator” that enables column values to be set when creating item by emails to a board. You can find out more about it here: monday apps from The Monday Man
