Hi all, we want to be able to download all our timeslip data but are concerned about providing user details with level 7 to a team of developers who could access the frontend and view sensitive information.
Is it possible to have an API ONLY user who has the ability to download all timeslip data?
I’m afraid we don’t currently support API Only users. The beauty of OAuth, however, is that your integration (and therefore your developers) don’t need to have a permanent copy of your password. Connecting your integration to your FreeAgent account involves a one-time exchange of your FreeAgent credentials, meaning you could create the level 7 user, sit down with your developers and enter the user’s email and password combination yourself, and the integration will be given an access token (and a refresh token, which is used to keep the access token alive). Going forward, these tokens are all that’s needed to maintain the connection between your integration and FreeAgent, meaning you never have to part with your password and your developers won’t be able to directly log in to FreeAgent.

It’s worth highlighting that, whilst your developers won’t have access to the FreeAgent front-end, they’ll still be able to pull sensitive information through the API. You should consider which information is required for the functionality of your integration and set the minimum permission level to achieve these goals.
I hope this helps!
I’ve been thinking a little more about your question here and realised that, depending on the permission level granted to your “API User”, it might be possible for another user to be created via the API and then used to access the web front-end.
Ultimately, although it’s possible for you to grant API access without sharing your password with your development team, you’re ultimately giving them (programmatic) access to your data simply by allowing them to integrate with your FreeAgent account, so please be mindful of this.
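
One way to watch for the risk raised in the follow-up above (a user created through the API and then used on the web front-end) is to compare the account's user list against an approved baseline on a schedule. This is an added example, not part of the original posts and not FreeAgent code; the record fields, addresses, levels and dates are constructed assumptions, and fetching the real user list is left out.

```python
from datetime import datetime, timezone

# Approved users and the highest permission level each one should hold.
# Constructed values for illustration only.
APPROVED = {
    "owner@example.com": 7,
    "api-integration@example.com": 7,
    "bookkeeper@example.com": 3,
}

# Moment the integration was authorised (constructed).
CONNECTED_AT = datetime(2024, 3, 1, tzinfo=timezone.utc)

# Constructed user listing. The field names are assumptions, not the
# documented FreeAgent schema; map them to whatever your export returns.
USERS = [
    {"email": "owner@example.com", "permission_level": 7,
     "created_at": "2023-01-10T09:00:00+00:00"},
    {"email": "API-Integration@example.com", "permission_level": 7,
     "created_at": "2024-02-28T14:00:00+00:00"},
    {"email": "bookkeeper@example.com", "permission_level": 7,
     "created_at": "2023-06-02T11:30:00+00:00"},
    {"email": "new-admin@example.com", "permission_level": 7,
     "created_at": "2024-03-05T02:13:00+00:00"},
]


def audit_users(users, approved, connected_at):
    """Return (email, reason) for every user that deviates from the baseline."""
    findings = []
    for user in users:
        email = user["email"].strip().lower()  # compare case-insensitively
        level = int(user["permission_level"])
        created = datetime.fromisoformat(user["created_at"])
        if email not in approved:
            reason = "unapproved user"
            if created >= connected_at:
                reason += ", created after integration was connected"
            findings.append((email, reason))
        elif level > approved[email]:
            findings.append(
                (email, f"level {level} exceeds approved level {approved[email]}"))
    return findings


if __name__ == "__main__":
    for email, reason in audit_users(USERS, APPROVED, CONNECTED_AT):
        print(f"{email}: {reason}")
```
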