Ideas for Arc XP

Home| Documentation| Support|

Better Access Tokens

Ideally, we would like to be able to scope our tokens to individual APIs and not have them tied to a user.

Essentially, we want proper OAuth tokens, not unscoped personal access tokens.

For example, a problem we ran into was that we needed to access the /v4/content/urls API but it's a POST endpoint and so even though it's not being used to update anything, our Read-Only tokens won't work because they are not allowed for POST requests.

This forces us to use Read/Write tokens, but without being able to scope them down they are way too powerful and it's dangerous to have them around.

  • Claire Campbell
  • Mar 3 2020
  • Future consideration
  • Attach files
      Drop here to upload
    • Gregory Engel commented
      March 04, 2020 19:08

      Hi Claire,

      Thanks for this suggestion!

      This is a request we've seen a few times and it's definitely something we'd like to do. We don't have concrete plans to do so at the moment.