API Authentication, updates to the Activity Log, and Data Export Transparency

jaeW_at_Onyx Coach
edited December 2023 in Governance & Security Ideas

At the moment it can be unclear when users are downloading data from Domo.

For example requests against this API https://{{domo_instance}}.domo.com/api/query/v1/execute/{{dataset_id}} , do not hit the activity log; however, savy users could use this to download datasets to their computer.

I appreciate that this same query might be the query that feeds a Dataset View or a Card in Analyzer; however, when the query does not originate from the Domo UI (and instead python, postman or visual studio code), that may be a time to capture this query request in the Logs.

Similarly, if users are blind guessing at developer_token authentication (x-domo-developer-token) or using expired tokens, it would be ideal if the Activity Log surfaced that an invalid token was being used.

If an object is altered in Domo (an ETL, security settings, a certified card) it would be ideal to know how the user authorized the command - via UI or a which authentication header.

Jae Wilson
Check out my 🎥 Domo Training YouTube Channel 👨‍💻

**Say "Thanks" by clicking the ❤️ in the post that helped you.
**Please mark the post that solves your problem by clicking on "Accept as Solution"
2 votes

Active · Last Updated