BrAPI supports tokens across the calls but there's no way of knowing what permissions a given token has before performing a call. An accountInfo or tokenInfo (or serverInfo expansion) would allow the server to accept a token as input and return access information and levels so clients can enable/disable features based on what actions a user is able to actually perform.
"result": {
"userName": "John Smith",
"tokenExpirationDate": "2027-01-01T14:47:23-0600",
"accessGroupName": "Collaborator",
"readPermissions": [
trials,
studies,
programs,
observations,
observationVariables
],
"writePermissions": [
observations
],
}
BrAPI supports tokens across the calls but there's no way of knowing what permissions a given token has before performing a call. An
accountInfoortokenInfo(or serverInfo expansion) would allow the server to accept a token as input and return access information and levels so clients can enable/disable features based on what actions a user is able to actually perform.Prototype response body: