I am currently generating invoices from an API and I would like to have only some users to access it.
I know in the platform I can have an user seeing only what he has created. It’s what I want to do from the API. To make like if was the user who actually created it.
Is there a field for this that I can use?
One option would be to create a token as the user and then use that token in the API.
Sounds good to me, but I do not see the possibility in the user settings.
I think you’d need to set the users as admins, log in as them to create the token and then remove them as admins.
Note… I haven’t tested this.
It’s not working. Well I can create a token and it works, but when downgrade the user, the token no longer works. If I upgrade back to Admin, the token works.
Does the user have permission to create records?
I’m not sure, I ran a quick test and it seems to be working correctly.
What request are you trying? I’m only able to generate an error by trying to take an action which isn’t allowed.
The checkbox for “Allow user to create and modify records” is checked. I always get “Forbidden” when I try to post an invoice to https://app.invoiceninja.com/api/v1/invoices with the token. If I put back “Administrator” it works.
Does the user own the invoice you’re testing with?
He is trying to create it
Do they own the referenced client?
They have not been created by them. So no… I would like everybody to be able to see the clients but not the invoices. They should be able to see only what they invoiced to it.
Sorry, that isn’t currently supported.
You may want to upvote this issue on GitHub: