Permission about different API client

Nicole Chan

For API clients, what is the difference in permissions between the client types "Server Application" and "User Based Server Application"?  It has been observed that the "User Based Server Application" retrieves more data than the "Server Application".  How can we grant permission to the "Server Application"?

Kevin Baum

Hi Nicole,

A "Server Application" client is used when there is no user or permissions required to access the endpoint. Panopto does not recommend you use this client type unless we explicitly suggest it since most of the data accessible through our public API requires a user who has permission to access it. When using a "Server Application" client to get data on sessions or folders, only sessions and folders that are publicly available will be returned, and you may see less data than usual on those objects.

The "User Based Server Application" client can be used to get an OAuth2 access token by sending a Panopto user name and password directly, associating the access token with that user and their permissions. That will return information on objects such as sessions or folders that the user has access to and may return additional information depending on the type of access the user has to that object. Creators and administrators may have access to additional endpoints (such as creating scheduled recordings or accessing user data) than viewers.

Since an OAuth2 access token created with a "Server Application" client is never associated with a user, it has no permissions in our system and there is currently no way to grant those permissions to a "Server Application" client.

I hope that this helps. Please let me know if you have any other questions.

Thanks,

Kevin