How to set up the permissions of an application using the API?
We created an app that uses the Wrike's API to automate some stuff between Wrike and our platform. However, we do not find an option to set up what projects they can access or not.
Basically, who has access to the API (the developers) might access any folder and content of our Wrike account without restrictions. So, how can we control this?
Hi Erwin UNU, thanks for reaching out! I can see that you already got a reply from our Advanced Support team. Hope you don't mind that I post a reply from our specialist here, in case it can help someone else too:
Wrike API requests are executed on behalf of the end-user, who gave consent for the third-party app through OAuth2 protocol. Accordingly, the data available through the API is only the data visible and accessible to that exact user according to your specific sharing settings (which are described in our Help pages). There are no other scopes (e.g. read-only, read/write, etc.) yet. Basically, it means that API response will only provide users with data that they access as a Wrike user according to his user license and sharing settings.
So, if you are creating folders & projects via API as well you may want to use "shareds" parameter to indicate members who should have access to the data. However, please mind the inhereted sharing logic: child items inherit sharing rules applied to their parent.
Lisa Community Team at Wrike Wrike Product Manager Become a Wrike expert with Wrike Discover
Lisa Wrike Team member Become a Wrike expert with Wrike Discover