I noticed that single application administrators have access to the TrackVia API.
I would like to see access to the API access raised up to the Account Authority only.
The reason, is that the Account Authority is will have the knowledge for the TrackVia account, the pricing plan, and any limitations the pricing plan has with the API.
An App Admin may not have this information on the subscription, plan, or invoicing, and may exceed the subscription limits. Only the Account Authority should be the approver for anything relating to account expenses.
John McGarvey shared this idea · Mar 24, 2015
Comments
1 comment
Hi John,
Thank you for the feedback. The reason that all admins have access to the API is because we believe that limiting it to the Account Authority would be too restrictive. This would mean that any time you wanted to have someone develop or use the API, you would need to give them your credentials (which would also give them access to everything in the account and is a security concern). With App admins, they could use their own credentials and would only be able to make API calls within the app that they have access to.
Additionally, it would be difficult to reach to maximum number of calls, which breaks down to over 8,000/day. Of course, it is possible to reach the limit, so it would be best to instruct the admins not to use the API without your consent. Please let us know if you have any further questions about this.
Derrick
Please sign in to leave a comment.