Limit API Client Access

You may wish to restrict which API calls a given client can make. For example, you may want to allow certain vendors, or internal groups, access to your website to modify their information. You can do this on a per-API-client basis.

  1. Go to your dashboard, and open the target property by clicking on the Capture icon.
  2. Make sure you’re in your Dev app, then go to the API Clients tab.
  3. Create a new client for your vendor to use, and give it the “direct access” permissions.
  4. You now have a client ID and client secret that do not carry the full permissions, which you can give out to vendors. Do not transmit these credentials over email, IM, social networks, or other unsecured channels.
  5. If you want to restrict which fields they can see (scoped access), you can do so with the setAccessSchema API call: see entityType.setAccessSchema and the discussion on the API Clients page.

Permissions

You can set several different permissions, such as direct_access and access_issuer, through the Janrain Dashboard. See the discussion of these permissions in the API Clients Page section.

Using entityType.setAccessSchema