API permissions

Tags: Flow

Flow provides object-level permissions.

In general, you should create an API service account rather than mapping the API to an individual. Typically, you name that service account something generic like API_SERVICE_ACCOUNT.


You need Manage API keys permissions to manage API keys.

Read more about Flow roles and permissions.

back to top

View rights and API

View rights are a key feature in Flow to control the depth of information a user can see in Flow's interface. Learn more about view rights.

However, view rights are completely bypassed in the Customer API. This is by design.

View rights are report dependent. The API is based on primitive objects, not reports. This is important to understand as it has serious security and information access implications.

If you give a person access to the Commits API endpoint, for example, they will have complete unrestricted access to that object. This means they will be able to see any commit in any team in any repo.

If you wish to restrict or control that access, you must enforce it at the client level. This is, in part, why we strongly recommend you use a service account.

back to top

Assigning API permissions

To assign API permissions:

  1. In the top navigation bar, click Settings
  2. In the left navigation under User Management, click Users.
  3. Locate and select the user you wish to give API permissions to.
  4. On the User detail page, click the Access tab.
  5. In the Access tab, select any API-related roles and permissions you want to assign to the user:
    • In the Management section, make sure Manage API keys is checked to allow the user to create, assign, and deactivate API keys.
    • In the API access tab, select the APIs objects from which users can request data. If the user accesses the Flow API from a REST client or uses an application to integrate Flow data, they need an API key. See Authentication.

      Note: To ensure the view rights changes persist, we recommend adding permissions at the role level.

  6. Click Save Changes.

back to top

If you need help, please contact Pluralsight Support.