Access Groups
Manage how your data can be read or written by our API
Use Access Groups to control what data can be accessed via our API and to split out your data by groups such as testing and production. An access group consists of API tokens, data sources, and end user groups. Each API token can be configured to have either read-write or read-only permissions to our API.
When one of your team members uses that API token to access your data, Explo will only send the data sources and end user groups associated with that token's access group. If someone tries to create a new end user group via the API, they will only be able to associate that end user group with data sources also linked to their token.

Real-World Example

You might want to create a "Testing" access group for your developers. This group would have one API token with read-write permissions and would be associated with any of the end user groups or data sources that you've created for the purposes of testing your dashboards.
Now, anyone using the "Testing" API token would be able to test embedding Explo dashboards without seeing any production data. Because the token is read-write, they'd be able to create new end user groups to test with, but those new end user groups would also only be able to use your "testing" data.

Managing Access Groups

To manage your access groups, go to the Access Groups section of the settings page. From there, you have the ability to create and delete access groups, add, modify, or delete API tokens, and update the data sources associated with each.
A "Production" access group with one read-write API token
For each schema, you can choose one data source to be the default for your access group and any number of other data sources to also belong to that access group. Note that one data source can belong to multiple access groups if you require that.

Updating End User Group Access

Access Groups and their association with end user groups can be managed from the end user group modal. Note that an end user group can only be associated with one access group at a time.