If you are using the API in a custom app and getting the API key from a configuration/setting. (The settings/configuration is set when you install the app.)
Is it possible to get it from the user object instead?
Lets say you use the custom app from another agent which should not have access to the Admin API key.
Is it possible to retrieve the API key based on the user that is logged in, so Admin Api key is not exposed to lower levels of user roles.
Users without the admin role can't access custom apps which means they can't configure their own API key in the app either.
Is there a solution to this?
According to the documentation the user’s API key is not available in the payload from “loggedInUser”. Perhaps if you could describe the use case of the application we could come up with something that would work using conditionals in your codebase.
We see this as an issue since we are not able to install applications for specific users. All of the application locations (Requester Sidebar, Ticket Sidebar, Background, etc.) when installed are apparent to all users. I have had to use loggedInUser as a conditional to prevent functionality for an app, but it still renders for all users.
Hit up the Freshworks Developer Community and perhaps there will be more information over there. Hope this helps.