Limiting API access

[Luke Francis]

Hi All,

Is it possible for the product to limit API access to specific data/end-points and to read-only?

I'm concerned that integrating the API gives access to things like credit card data, but we only need basic client (Profile) and booking (ResCard) data.

If our integration continues, we will have some PCI concerns our side which we want to avoid if possible.

Failing this, do you know if there is function for automated data exports rather than the API route to avoid this issue?

Thanks

[Dan Palley]

Hi Luke,

Yes, we can limit the API somewhat via an access key that would prevent writing to the database and from reading credit card data.

You can also limit what a specific user can do via permissions in either TBO or CBW.

I would definitely recommend creating a named user for your application that uses the API and configuring this user only for the specific permissions that are needed.

Dan

[Luke Francis]

Thanks Dan! 

Could you point me to where this is setup in Clientbase?