Custom sharing permissions and API access

Hi,

I’m a bit stuck using custom sharing permissions for API access - in particular, listing all rows in a table.

When I share my base with a user with permission level “Read-Only”, API access works fine.
But when I create a “custom sharing permissions” level, and select that level in “Share to user”, API access always results in

HTTP 403
{“error_msg”:“You don’t have permission to perform this operation on this base.”}

What I do is:

  1. Get base access token via the user’s auth token
  2. Use the base access token to list table rows
    (GET .../dtable-server/api/v1/dtables/[base_uuid]/rows/?table_name=[table_name])

When the user has the predefined “Read-Only” permission level, the server returns all the table’s rows. But with my custom level, I only get the error permission denied error. I’m using the exact same queries in both cases.

For testing purposes, I set the custom sharing permissions level to enable Read Only access for all the base’s tables. As I understand, this should apply to all views as well, because the views’ checkboxes are greyed out when selecting the table permissions directly. But I’m still getting “permission denied”.

Am I doing something wrong, or do the custom sharing permissions simply not work for API access?

Thanks!

You are right - as the custom sharing permission (CSP) cannot be created per API, the tables/views cannot be accessed with API either, yet. With the API, you can only share a table or a view with another user. This could do the same job as the CSP: you can decide which table or view to share to which user, with which permissions (r or rw).

judging from the error message you received, I am sure you have got the correct access_token. I’m saying this because the base shared to you per custom sharing permission (CSP) is in another workspace (“Shared to me”) so you need another access_token, which I see you already did.

You only get the “correct” error message if the access_token is correct; if the access_token is wrong (i.e. from your “My bases” workspace), you’ll get the other error message:

{
    "error_msg": "You don't have permission to access."
}

However, with this correct access_token, you can Get the base’s metadata. Unfortunately, you cannot Query with SQL either.

Sorry for the inconvenience - I cannot promise you that we’ll have the API to establish CSP because, like said above, the other APIs already do the same job.

No need to mention that: When you share views to users, with each shared view they’d also need another access_token with the call ToUser Get Shared View‘s Access Token.

Custom sharing permissions can’t work with API yet. Can you describe more about your use case?

Thanks for your response - sorry for keeping you busy :wink:

I tried sharing a specific view. Problem is - since my tables are heavily linked, those views are missing a lot of columns. In the future, I might be able to use the shared views API access, but for now, I need the content of those link columns.

My base has a mix of “public” data that all users may access (read only) and personal information, where access should be limited to specific users.

I was trying to make the “public” data available (read only) via the API for easy consumption by external tools and scripts (e.g. Excel Power Query). I thought I could create a separate API user for these tasks and give that user read-only access to the basic “public” data. So that API user should not be able to read all tables in my base, only those I allow.

But I may be going about this the wrong way? :thinking:

Maybe you could try the “Query app” and see if it does the trick for you. It’s in the plugins under “External plugins”.

Thank you for your suggestion - I will try the Query app :slight_smile:

Did the query app help you? Could we mark this topic as resolved?

Thanks for your inquiry :slight_smile:

I’ve put this issue on the back burner, since I was busy trying out other things.
You can mark it as resolved - I don’t know when I’ll return to this question.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.