The documentation for the “credentials url” says that it will contain the standard JWT payload in the authorization header and an empty body. No board ID. In the “authorization url” the JWT says it will include the board ID.
There is significant value in scoping credentials to boards and workspaces. Without the board in the credentials URL body this isn’t possible.
A simple use case is a marketing team with a private workspace. They want to integrate SharePoint through an app. They have credentials that have permission to access their private SharePoint page (maybe a service account set up by IT for these purposes). They don’t want another team using this, because it would give them access to a private SharePoint location. But they want any use in their private monday.com workspace to be allowed.
In the redirect for the authorization URL - when a credential is created, the user could say “only these workspace(s)” or “only members of these team(s)”, or “only on this board”, or “only for me” (this one is doable already).
Without the workspace ID or board ID there is no way to know which credentials to return with the credentials URL.
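The scoping described in the post above, as an added example that is not part of the original post and is not monday.com code: a credentials URL handler's filter that fails closed when the board or workspace is unknown. Every name here (`RequestContext`, `StoredCredential`, the scope labels, the sample IDs) is a hypothetical assumption, and `workspace_id`, `board_id` and `team_ids` stand for context the handler would need to receive or look up.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RequestContext:
    """What the handler knows about the call (hypothetical shape)."""
    user_id: int
    team_ids: frozenset = frozenset()    # assumed to come from a membership lookup
    workspace_id: Optional[int] = None   # not supplied today, per the post
    board_id: Optional[int] = None       # not supplied today, per the post

@dataclass(frozen=True)
class StoredCredential:
    name: str
    scope: str              # "user" | "team" | "workspace" | "board"
    allowed_ids: frozenset  # IDs chosen when the credential was created

def _in_scope(cred: StoredCredential, ctx: RequestContext) -> bool:
    if cred.scope == "team":
        return bool(cred.allowed_ids & ctx.team_ids)
    known = {"user": ctx.user_id,
             "workspace": ctx.workspace_id,
             "board": ctx.board_id}
    value = known.get(cred.scope)
    # Fail closed: an unknown scope or a missing ID never matches.
    return value is not None and value in cred.allowed_ids

def credentials_for(ctx: RequestContext, store) -> list:
    """Names of the credentials this request is allowed to see."""
    return [c.name for c in store if _in_scope(c, ctx)]

# Constructed sample data, not real IDs.
STORE = [
    StoredCredential("marketing-sharepoint", "workspace", frozenset({101})),
    StoredCredential("launch-board-sharepoint", "board", frozenset({5001})),
    StoredCredential("alice-personal", "user", frozenset({7})),
]

if __name__ == "__main__":
    # Only the user is known: just the "only for me" credential is returned.
    print(credentials_for(RequestContext(user_id=7), STORE))
    # With workspace and board context, scoped credentials become selectable.
    print(credentials_for(
        RequestContext(user_id=8, workspace_id=101, board_id=5001), STORE))
```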