Ideas for Arc XP

Better Access Tokens

Ideally, we would like to be able to scope our tokens to individual APIs and not have them tied to a user.

Essentially, we want proper OAuth tokens, not unscoped personal access tokens.

For example, a problem we ran into was that we needed to access the /v4/content/urls API but it's a POST endpoint and so even though it's not being used to update anything, our Read-Only tokens won't work because they are not allowed for POST requests.

This forces us to use Read/Write tokens, but without being able to scope them down they are way too powerful and it's dangerous to have them around.

  • Claire Campbell
  • Mar 3 2020
  • Future consideration
  • Attach files
  • Gregory Engel commented
    4 Mar, 2020 07:08pm

    Hi Claire,

    Thanks for this suggestion!

    This is a request we've seen a few times and it's definitely something we'd like to do. We don't have concrete plans to do so at the moment.