Issues with API keys

I played around with API keys generated at https://www.zotero.org/settings/keys and encountered some issues. I am not sure if these are bugs or features:
  • If I edit an existing private key, I can disable "Allow library access" but enable "Allow notes access". This is not the case when I create a new private key. Anyway, I guess it does not make sense and the feed ends up in the "Forbidden"-message.
  • It is possible to disable any access to the "Personal Library" and just enable the access to all groups. IMO this setting could be useful. However, the feed ends up in the "Forbidden"-message.
  • It is possible to disable any access to the "Personal Library" and just enable the access to specific groups. IMO this setting could be useful. However, the feed ends up in the "Forbidden"-message.
  • It is possible that the settings for the per group permissions are contradicting to the default setting for all groups. It is not clear which settings are winning over the other.
  • 1 was an oversight with the javascript validation, and a cosmetic issue. As you noted it doesn't make sense and the API treats it as such. They should behave the same now.

    2 and 3 I can't replicate. It should work as you expect, granting access to either your individual library, or whatever groups you choose, or both.

    4 I believe the greatest amount of access granted should win out, so you could grant a key read access to all groups, and write access to only one.

    Are you sure you're going to the correct feeds? Note that the feed icon on that page always points to your personal library.
  • 1) Okay, thank you. I guess that "Allow write access" should then also be fixed in the same manner.

    2,3) You are right, I did just click on the feed on that page which is not the correct one for group-only access key. I guess that it is not easy to come up with a suitable link for every key based on its granted permissions instead of the (up to the key) constant feed link?

    4) Yes, it seems so. Besides the good case you describe there exists also the bad case: Set the default setting for all groups to "Read/Write" and restrict the access level on specific groups, which will not work that way, i.e. the access to all groups is still granted. IMO it would be clearer if it is only possible to select either the option for all groups (exclusive-)or select an options for the specific groups. I would suggest to merge these to formulars, i.e., to have the choice between the 4 radio buttons "No Access to any Group", "Read Only Access to all Groups", "Read/Write Access to all groups", "Per Group Permissions" with its further configurabel options. What do you think?
Sign In or Register to comment.