Third party service authentication

Hello, I want a third party service (simple nodejs application, which is written by me, but later not controlled by me) to be a able to write files to a specific bucket and update/add entries in a specific database collection. I don't want to give this service an API key with files.write or documents.write scopes, because then it could delete any file in any bucket and any document in any database collection. I tried to authenticate as a user, but I quickly noticed that its not possible to create and use a session using the server SDK. I tried to use the client SDK:

TypeScript

import { Client, Storage, Account, ID } from "appwrite";

const client = new Client()
  .setEndpoint("<my endpoint>")
  .setProject("<my project id");

const account = new Account(client);
const session = await account.createEmailPasswordSession(
    "testaccount@mail.com",
    "password"
  );
client.setSession(session);
const storage = new Storage(client);
await storage.createFile("<bucket id>", <unique id>, <file>);

but this also doesn't work without it running in a browser.

Now my question is, if there is any way to either restrict the API key scopes to be more granular, or somehow authenticate as a user using the server SDK or any other way I am overlooking to solve my problem?

TL;DR

Developers want a way for a third-party service to write files to a specific bucket and update entries in a specific database collection without granting broad permissions. They attempted authentication as a user but encountered limitations with the server SDK and client SDK. To restrict API key scopes, the solution is to create custom rules or use server-side OAuth tokens for user authentication.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support