Allow API Integration to create polls in subgroups
I'm using the create poll endpoint to create proposals through the API. It has a parameter "discussion_id" which allows the caller to create a new poll on an existing discussion thread. My Loomio group has subgroups, and I would like to have an API Key with sufficient scopes to create proposals on discussion threads within subgroups.
Currently, in order to do that you need to use an API Key that was created specifically for the subgroup (because of this code which sets the group_id based on the API key, leading to this check failing if the discussion_id is in a subgroup). So, my bot would need to manage several API keys–– one for each subgroup––, which is not ideal. Would you consider allowing the integrations of the "parent" group to be able to manage all subgroups? For my use case, I'd also like to be receive webhook events from all subgroups via a single integration.
miriam Tue 19 Oct 2021 2:54PM
Hi @Rob Guthrie, that makes sense. Yes I actually handled the multiple API keys on our end already, it should be fine. Thanks for looking into it.
Robert Guthrie · Sun 17 Oct 2021 10:53PM
Hi @miriam I never saw this message, until now, sorry.
This is not an easy change for me, I'm afraid. A lot of the permission model I used to make webhooks safe depends on the webhook being tightly associated to the group. I've had a look to see if I can make it any group in the organisation, but that's not easy and would probably surprise people to find out that a webhook can now perform actions in a private subgroup.
I think I'd like to hear if managing multiple API keys for this purpose can be accomodated.