API permissions

Tags: Flow

Overview

Flow provides object-level permissions.  

Note that only Owners on a Flow account have access to manage API keys. You must grant any non-owner permissions to manage API keys. An example would be to give permission to a team lead to be able to distribute additional API keys for various integration projects.

In general, we recommend you create an API service account rather than mapping the API to an individual. Typically, you name that service account something generic like API_SERVICE_ACCOUNT.

View rights and the API

View Rights are a key feature in Flow to control the depth of information a user can see in our interface. To learn more about View Rights in general, visit types of view rights.

However, view rights are completely bypassed in the API. This is by design. View Rights are report dependent. The API is based on primitive objects, not reports. This is important to understand as it has serious security and information access implications. If you give a person access to the COMMITS object in the API, for example, they will have complete unrestricted access to that object. That means they will be able to see any commit in any team in any repo.

If you wish to restrict or control that access, you must enforce it at the client level. This is in part why we strongly recommend you use a service account.

Assign API Permissions

Step 1: Starting on your Flow home page, go to the top navigation bar and click Settings. Using the left navigation under User Management, click Users.


Step 2: Locate and select the user you wish to give API permissions to.

Step 3: On the User detail page, under the Access tab click on Administration


Step 4: Once you’re there, select the API-related role(s) and permissions you want to assign to the user:

Manage API keys – Create, assign, and deactivate API keys.


API access – List of APIs (objects) from which users can request data. If the user will access the Flow API from a REST client or use an application to integrate Flow data, they will need an API key. See Authentication.


Step 5: Click Save Changes. That’s all there is to it!


Interested in learning about all the Flow roles and permissions? Visit roles and permissions.

back to top


If you need help, please email support@pluralsight.com for 24/7 assistance.