Data API: Restrict access to read/write to collection

Not sure if this is possible, I hope someone from the team is reading this as a feature request.

I would like to create different Data API access keys for our microservice and scope each API key to a specific collection, so key A can only read from collection1, while key B can read/write from collection2. Is this possible? I like the simplicity of the regular MongoDB user access permissions, but they are not available for the Data API.

Hey Florian -

Yes, you can actually do this today, but it will require some extra configuration. To set this up, go into ‘Advanced Settings’ in your Data API app and go to ‘Rules’ in the sidenav.

Today, you should have a set of ‘Default Rules’ that are set to Read & Write = True.

You can actually delete this configuration from the menu, and click into each collection and set up rules separately. For each one, you can set a different ‘Apply When’ for a different API key.

i.e. you can click into Collection A, set up read-only rules, and then set the Apply When to be:

{
  "%%user.id": "<ID ASSOCIATED WITH API KEY>"
}

The ID can be found in the API key settings in the Data API page.

More examples for Apply When expressions are here

2 Likes
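
The per-key setup described in the reply above, as an added example that is not part of the original thread or MongoDB's own code: it builds one rule document per collection with one role per API key, and models role selection (the first role whose Apply When matches is used; if none matches, the request is denied). The database name `mydb`, the key placeholders and the helper names are hypothetical, and the role field names are an assumption about how an exported App Services rules file is laid out, so compare them with your own app's export.

```python
import json

# Constructed placeholders: use the IDs shown in the Data API key settings.
KEY_A = "<ID ASSOCIATED WITH API KEY A>"
KEY_B = "<ID ASSOCIATED WITH API KEY B>"

# Desired access: {collection: {api_key_user_id: "read" | "readWrite"}}
ACCESS = {
    "collection1": {KEY_A: "read"},
    "collection2": {KEY_B: "readWrite"},
}

def build_rules(database, collection, grants):
    """Build one collection's rule document with a role per API key user ID."""
    roles = []
    for user_id, level in grants.items():
        can_write = level == "readWrite"
        roles.append({
            "name": f"{collection}-{level}-{len(roles)}",
            "apply_when": {"%%user.id": user_id},  # expression from the reply
            "document_filters": {"read": True, "write": can_write},
            "read": True,
            "write": can_write,
            "insert": can_write,
            "delete": can_write,
            "search": True,
        })
    return {"database": database, "collection": collection,
            "roles": roles, "filters": []}

def allowed(rules, user_id, action):
    """Simplified model: the first role whose apply_when matches decides."""
    for role in rules["roles"]:
        when = role["apply_when"]
        if when == {} or when.get("%%user.id") == user_id:
            return bool(role.get(action, False))
    return False  # no role applies: the request is denied

def catch_all_roles(rules):
    """Names of roles with an empty apply_when, which apply to every key."""
    return [r["name"] for r in rules["roles"] if not r["apply_when"]]

# Hypothetical database name; one rule document per collection.
RULES = {c: build_rules("mydb", c, g) for c, g in ACCESS.items()}

if __name__ == "__main__":
    print(json.dumps(RULES["collection1"], indent=2))
```

Running `catch_all_roles` over every collection's rules is a quick check that no leftover default role still grants access to all keys.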
