Is there a way to scope an API key to be able to both read and write for data explorer queries without giving a globally scoped admin API key?
Data explorer cannot write anything, ever.
You can create a query and allow members of a group who cannot otherwise have access to the plugin to run particular queries.
2 Likes
Sorry, maybe it was not written well. Can queries themselves not be created via API?
That is the function in question—read and write the actual queries themselves, not within a query.
Oh. Sorry. I did miss that. So you want to create queries via the API, not just run them. That is different.
I suspect that the answer is no.
What problem do you have that writing queries via the API is going to solve? Do you need to create a lot of them or something?
1 Like
You can create them via API, my question is if we can somehow limit the scope of an API key for that. Currently an API key scope can be limited to reading data explorer queries, but it doesn’t give an option to limit a scope to writing.
So today, if I want to give someone in my business the ability to write queries to data explorer, I have to give them a full global admin API key.
Here are the docs on creating queries via API:
Ah. I see. You trust a particular human to write queries, but not anything else. I don’t think there’s a way to do that currently.