I am currently generating invoices from an API and I would like to have only some users to access it.
I know in the platform I can have an user seeing only what he has created. It’s what I want to do from the API. To make like if was the user who actually created it.
It’s not working. Well I can create a token and it works, but when downgrade the user, the token no longer works. If I upgrade back to Admin, the token works.
The checkbox for “Allow user to create and modify records” is checked. I always get “Forbidden” when I try to post an invoice to https://app.invoiceninja.com/api/v1/invoices with the token. If I put back “Administrator” it works.
They have not been created by them. So no… I would like everybody to be able to see the clients but not the invoices. They should be able to see only what they invoiced to it.