API permissions

Tags: Flow

Who can use this?

Flow provides object-level permissions.  

Note: Only Owners on a Flow account have access to manage API keys. You must grant any non-owner permissions to manage API keys. An example would be to give permission to a team lead to be able to distribute additional API keys for various integration projects.

In general, we recommend you create an API service account rather than mapping the API to an individual. Typically, you name that service account something generic like API_SERVICE_ACCOUNT.

View rights and the API

View Rights are a key feature in Flow to control the depth of information a user can see in our interface. To learn more about View Rights in general, visit types of view rights.

However, view rights are completely bypassed in the API. This is by design. View Rights are report dependent. The API is based on primitive objects, not reports. This is important to understand as it has serious security and information access implications. If you give a person access to the COMMITS object in the API, for example, they will have complete unrestricted access to that object. That means they will be able to see any commit in any team in any repo.

If you wish to restrict or control that access, you must enforce it at the client level. This is in part why we strongly recommend you use a service account.

Assign API Permissions

  1. Starting on your Flow home page, go to the top navigation bar and click Settings. Using the left navigation under User Management, click Users.
  2. Locate and select the user you wish to give API permissions to.
  3. On the User detail page, click on the Access tab.
  4. Once you’re there, select the API-related role(s) and permissions you want to assign to the user:
    • In the Management section, make sure Manage API keys is checked to allow the user to create, assign, and deactivate API keys.
    • In the API access tab, select the APIs (objects) from which users can request data. If the user will access the Flow API from a REST client or use an application to integrate Flow data, they will need an API key. See Authentication.
  5. Click Save Changes

Read more about Flow roles and permissions.

back to top

If you need help, please email support@pluralsight.com for 24/7 assistance.