Is there a way to have a read-only account for API calls?

The only key-based accounts I can see that we can create for service accounts for use with the API are those with admin access. Is there a way to create a read-only or query-only based account/key for use instead? We have some other ITS groups that would like to pull information or update forms on other sites dynamically based on TDX values but we don't want them to have admin access to make any API call available. Is the best way to accomplish this to create a service account and create a security role for any necessary applications that has little to no permissions associated with it? Can we prevent this account from being able to create or modify tickets entirely?

Thanks,

Curt

Curt Stewart, Service Desk Support Specialist II
- Mississippi State University

 

Tags API account key read-only serviceaccount
Asked by Curt Stewart on Fri 10/15/21 12:26 PM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Mon 10/18/21 12:39 PM

Hi Curt,

You can create a Service Account in Admin > Users & Roles > Users and then give it access to only the ticketing application(s) you've needed. In the ticketing application security role for that service account you can just give it a role that has no permissions, then it wouldn't be able to actually create tickets, but it could perform GETs against tickets in that app.

1 of 1 users found this helpful.
Thanks! - Curt Stewart Mon 10/18/21 2:07 PM