Allow API Integration to create polls in subgroups

M miriam Public Seen by 66

Hi all,

I'm using the create poll endpoint to create proposals through the API. It has a parameter "discussion_id" which allows the caller to create a new poll on an existing discussion thread. My Loomio group has subgroups, and I would like to have an API Key with sufficient scopes to create proposals on discussion threads within subgroups.

Currently, in order to do that you need to use an API Key that was created specifically for the subgroup (because of this code which sets the group_id based on the API key, leading to this check failing if the discussion_id is in a subgroup). So, my bot would need to manage several API keys–– one for each subgroup––, which is not ideal. Would you consider allowing the integrations of the "parent" group to be able to manage all subgroups? For my use case, I'd also like to be receive webhook events from all subgroups via a single integration.



Robert Guthrie Sun 17 Oct 2021 10:53PM

Hi @miriam I never saw this message, until now, sorry.

This is not an easy change for me, I'm afraid. A lot of the permission model I used to make webhooks safe depends on the webhook being tightly associated to the group. I've had a look to see if I can make it any group in the organisation, but that's not easy and would probably surprise people to find out that a webhook can now perform actions in a private subgroup.

I think I'd like to hear if managing multiple API keys for this purpose can be accomodated.


miriam Tue 19 Oct 2021 2:54PM

Hi @Rob Guthrie, that makes sense. Yes I actually handled the multiple API keys on our end already, it should be fine. Thanks for looking into it.