Restricting API Scope

Our Use Case: Seek to allow 2 different third parties to use the API to access the data collected within JotForm to integrate that information into the 2 different applications they handle. I would like to set up the API such that each firm only has read access to the specific tables (and ideally only the specific fields within a table) required for their purpose (i.e. the least permissive approach). 

Question: In the single user scenario, I can see how to add a new API key, but cannot see how to restrict that API key to a single user or otherwise to restrict it to a different scope of data than other API keys. How do I best accomplish this? Does this require enterprise edition and if so would that allow me to assign a specific API key to a specific user with the user then being restricted to only the access they require?

Hi VistageFla,

Thanks for reaching out to Jotform Support. Unfortunately, our API doesn't allow controlling so much of what to share. You can set the API to just read only or to full access, but you can't control which forms or data will have access to.

While the feature you’re looking for isn’t currently available, rest assured we’re always working to add new services and features to Jotform. I've gone ahead and escalated your request to our Developers. When or if it's implemented depends on their workload, how viable it is, and how many other users request it. If there are any updates, we’ll circle back to this thread and let you know.

By the way, you can also contact our Enterprise team by filling out this form to see if they can provide any solutions for your use case.

Reach out again if you have any other questions.