On January 11, 2022, we’re changing API access to be managed at the account level, so it will no longer be tied to the authorizing user. The large majority of API keys and OAuth 2 tokens were authorized by the account owner and won’t experience any changes.
Changes in the API:
- API requests will no longer receive 403 Forbidden errors due to user-level restrictions on the authorizing user.
- All user-specific values returned from the Root endpoint will be those of the account owner, and the role will always be “owner”.
- At launch, API tokens connected to “viewer” and “author” roles will have their access revoked. There are only a small number of these tokens, and we’ll reach out to inform those accounts.
Changes to OAuth 2:
- Users will need to be at least manager level to authorize apps using OAuth 2.
- If different users go through the OAuth 2 flow for the same app on the same account, the same API token will be returned to each of them.
Changes to managing API access:
This change makes it easier for users to manage access to their account, without disrupting critical apps and integrations.