On October 5th’s maintainer call we talked briefly about API tokens and a few aspects of API tokens were raised that requested adopter and maintainer feedback.
- Adopter/maintainer feedback on token creation
- Scoping what tokens have access to private vs. public information from a Hypha ‘instance’
- Any other concerns re. API tokens.
Background context: A token within the Contracting and compliance feature set allows open full access to a certain area.
Do we want to have roles and users have different access to API tokens for certain sections for API key access etc. for admin, finance, access to areas etc.
@frjo Can you add any more context here from contracting and compliance work for OTF?
(I, Eriol do not know much, or anything about tokens beyond general knowledge but was suggested this is a good explainer for folks: https://wise.com/help/articles/2958229/whats-an-api-token)