question

er153 avatar image
er153 asked er153 commented

Can someone steal sensitive information if I give them my api key with Read permissions for orders?

I'm unsure how unsafe it is to share an api key with someone who is working on my project. I don't know them very well but they have experience with Clover. Is it normal for someone to request my api key for them to test their script

REST API
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
parquet76 avatar image
parquet76 answered er153 commented

API keys are sensitive and can be used to read/write data depending on the permissions assigned to the token. If the token only has read on orders, it can be used to see all of your business's orders. Is that sensitive to you? A bit more information would be helpful but in general they shouldn't need the token to test their integration (Clover provides a sandbox/test environment for that). But they will need it when they deploy it (assuming they are responsible for that). If they are providing the script to you, and you will be running it or deploying it, they don't need the key.

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

er153 avatar image er153 commented ·

This makes sense, I appreciate your answer!

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community