Setting an API key to "100% only read mode" (including notes)

felipehw · December 3, 2020

Hi.
I wanna use third-party apps on Android to visualize my Zotero profile.

But I have a big Zotero database with a lot of items and notes of books and papers I've read ... and I wanna set the API key in a "100% read-only" mode to not allow third-party apps to mess with this database.

The following setup is "100% read-only" without any possibility to mess with this database (=>including items and **notes**<=)?

# Personal Library

(✓) Allow library access
Allow third party to access your library.
(✓) Allow notes access
Allow third party to access your notes.
( ) Allow write access
Allow third party to make changes to your library.

# Default Group Permissions

All Groups

( ) None
(✓) Read Only
( ) Read/Write
Allow access to all current and future groups.

dstillman · December 4, 2020

That should be read-only, yes. Note that Zotero doesn't support annotations natively — those would just be modifications to PDFs you make outside Zotero that get uploaded as new versions of files, and disabling write access prevents file uploads as well.

felipehw · December 4, 2020

@dstillman

Thanks!
I used the wrong word ("annotations") because I'm using Zotero in another language :/.
I was referring to "notes" that you can create at Zotero and they're synced.
(I don't sync my PDFs to Zotero server),
So ... my doubt is if my setup above protects in a read-only mode my "notes" from editing by third-party apps.

My doubt came because the description of " Allow write access" only says "library" and there are separated options to allow access for "library" and "notes".

I'm planning to use third-party apps only in a 100% read-only mode to avoid destroy years of study if they have some nasty bug :D

adamsmith · December 4, 2020

Yes, the above is read only also for notes.

felipehw · December 5, 2020

@adamsmith Thanks!