Connect two monday accounts via an api

Platform discussions
1

Hello,
I would like to connect two monday.com accounts with an API key with Make (intégromat).
Only, I’m afraid that by giving access via integromat, there is a risk of taking data that I didn’t want on the other monday.com account.
Can we limit the access of an API key to one or more tables?
Thanks,
Jeans

2

@Jean

I can understand your concern. But there is no direct connection created by accessing different monday accounts (or any other platforms for that matter) from the same Make account.

It would be a little like a property manager having keys to multiple homes on his key ring. That would in no way imply that the family living in property 1 has any knowledge of the family living in property 2.

The direct answer to your question is no, not really; but it doesn’t matter in this case.

Jim - The Monday Man (YouTube Channel) Our latest vid: Reading REALLY Large monday Boards
What is Make & How can it help you with monday?
We Create Custom Solutions - Your Make or Ours
Schedule a 1-on-1 Tutorial Session (for monday, Make or “Rocket Science”)

3

Hello,
Thank you very much for your answer.

But we agree that if someone recovers integromat access for example, he will have access to all the information of monday.com since the API key will be in the software?

Jean

4

@Jean

No, not necessarily. It’s a little more complicated than that.

If the common method of accessing the accounts is used, i.e., Make/Integromat “connections”, then new scenarios could be created using the same connections. But the access tokens themselves cannot be recovered or used elsewhere.

If, however, the Make/Integromat authorization is provided by using SLTs (Short-Lived-Tokens) by leveraging monday’s app framework, then the access tokens are delivered with each call to the scenario, time limited and not reusable.

Also, Make/Integromat is quite secure, especially if 2FA is enabled. Random attacks are basically impossible and directed attacks would be very significantly more likely to be successful using social engineering techniques and similar.

We actually did recently create a solution that provides secure board by board API access. Basically, the customer wanted to provide limited monday API access to one of their customers. But only to the specific boards that their customer had guest access to.

Jim - The Monday Man (YouTube Channel) Our latest vid: Reading REALLY Large monday Boards - Part 2
What is Make & How can it help you with monday?
We Create Custom Solutions - Your Make or Ours
Schedule a 1-on-1 Tutorial Session (for monday, Make or “Rocket Science”)