API Security
Summary: API Security
Content (required): We are looking to have a third party vendor help us with some reqs and the candidates attached to those reqs. They have an API for Taleo. I have not used APIs before to have a full understanding of them and learning along the way. They are asking for SOAP API access for TEE with admin access. Is there a way to lock down what they can access in this permission so they can't access everything since they are the ones setting up and using the API?
An idea I had: We currently only use 'Main Group' as the User Group in Taleo. If I created a second User Group, put that User Group on the API admin user account, assigned their reqs to that User Group, would they then only be able to pull data from reqs and candidates attached to those reqs with that User Group or would the API still be able to pull anything if they didn't limit their scripts?