Beginner API questions

Hi, sorry for the basic questions but programming with an API is something I haven’t done before with Monday.

We have an external client that we have given access to a board. They want to access certain data on the board via API. Couple of questions:

  • how can I restrict the API from only accessing a specific board? I dont want them to see anything except this board. Outside of giving them my API key, do I have to create a user for this?
  • can i restrict view only for this? As f now, i dont want them to have the ability to update the board. Maybe later on.
  • to allow this external company API access, outside of giving them a key, is there any programming on my end? Better yet, what is the basic setup I need to do?

I have a call into support but I figured I would try here and get better answers! Thanks so much!

To restrict the API access for an external client to a specific board on, you can follow these steps:

  1. Creating a new API v2 API key: Go to your account and navigate to the “Admin” section.Under “Developers,” go to “API” and then API V2 Admin.Click on “Create API Key” and give it a name that represents the purpose, such as “External Client Board Access.”
  2. Setting board permissions: While creating the API key you can specify which boards the key has access to. Select only the specific board you want the external client to access and this ensures the API key can only interact with the designated board.
  3. Restricting API permissions:You can define the level of access the API key has to the board. To grant view-only access for now, make sure you set the appropriate permissions when creating the API key.This way, they won’t be able to make any updates to the board initially.
  4. No need to create a user

Hope these steps should give you a head start in understanding how to restrict API access for your external client.
If you encounter any further issues or have additional questions, feel free to ask!

Hello there @Larryr20,

You can not just create a new API token for a user that already has one.

Each token belongs to a specific user and each user can have only one token.

In your case, I suggest creating a “dummy user” and granting that user access ONLY for that specific board to read it, and not to update it, using permissions.

You can then share said API token with the client so that they can use it.

Let me know if you have any questions :slightly_smiling_face:


1 Like