Custom sharing permissions and API access

Hi,

I’m a bit stuck using custom sharing permissions for API access - in particular, listing all rows in a table.

When I share my base with a user with permission level “Read-Only”, API access works fine.
But when I create a “custom sharing permissions” level, and select that level in “Share to user”, API access always results in

HTTP 403
{"error_msg":"You don't have permission to perform this operation on this base."}

What I do is:

  1. Get base access token via the user’s auth token
  2. Use the base access token to list table rows
    (GET .../dtable-server/api/v1/dtables/[base_uuid]/rows/?table_name=[table_name])

When the user has the predefined “Read-Only” permission level, the server returns all the table’s rows. But with my custom level, I only get the permission denied error. I’m using the exact same queries in both cases.

For testing purposes, I set the custom sharing permissions level to enable Read Only access for all the base’s tables. As I understand, this should apply to all views as well, because the views’ checkboxes are greyed out when selecting the table permissions directly. But I’m still getting “permission denied”.

Am I doing something wrong, or do the custom sharing permissions simply not work for API access?

Thanks!

You are right - as the custom sharing permission (CSP) cannot be created per API, the tables/views cannot be accessed with API either, yet. With the API, you can only share a table or a view with another user. This could do the same job as the CSP: you can decide which table or view to share to which user, with which permissions (r or rw).

Judging from the error message you received, I am sure you have got the correct access_token. I’m saying this because the base shared to you per custom sharing permission (CSP) is in another workspace (“Shared to me”) so you need another access_token, which I see you already did.

You only get the “correct” error message if the access_token is correct; if the access_token is wrong (i.e. from your “My bases” workspace), you’ll get the other error message:

{
    "error_msg": "You don't have permission to access."
}

However, with this correct access_token, you can Get the base’s metadata. Unfortunately, you cannot Query with SQL either.

Sorry for the inconvenience - I cannot promise you that we’ll have the API to establish CSP because, as said above, the other APIs already do the same job.

No need to mention that: When you share views to users, with each shared view they’d also need another access_token with the call ToUser Get Shared View’s Access Token.

Custom sharing permissions can’t work with API yet. Can you describe more about your use case?

Thanks for your response - sorry for keeping you busy :wink:

I tried sharing a specific view. Problem is - since my tables are heavily linked, those views are missing a lot of columns. In the future, I might be able to use the shared views API access, but for now, I need the content of those link columns.

My base has a mix of “public” data that all users may access (read only) and personal information, where access should be limited to specific users.

I was trying to make the “public” data available (read only) via the API for easy consumption by external tools and scripts (e.g. Excel Power Query). I thought I could create a separate API user for these tasks and give that user read-only access to the basic “public” data. So that API user should not be able to read all tables in my base, only those I allow.

But I may be going about this the wrong way? :thinking:

Maybe you could try the “Query app” and see if it does the trick for you. It’s in the plugins under “External plugins”.

Thank you for your suggestion - I will try the Query app :slight_smile:

Did the query app help you? Could we mark this topic as resolved?

Thanks for your inquiry :slight_smile:

I’ve put this issue on the back burner, since I was busy trying out other things.
You can mark it as resolved - I don’t know when I’ll return to this question.
