https://stackoverflow.com/questions/21862865
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYou're confusing two topics / talking about two separate things here:
thing 1 - CONNECTING to a third-party app
thing 2 - MAKING API CALLS from a third-party app
Only an administrator can connect to a third-party app.
Once you're connected though, there is no user account involved at all. Your app makes API calls to do whatever, and it doesn't involve an actual user account in any way, shape, or form. Your third-party app can do whatever the heck it wants, regardless of what users you have or who is logged in or anything else.
Remember - the way OAuth works (or should work, if you've implemented it correctly) is that you only connect your app ONCE, and store the OAuth credentials. Your app can then make whatever calls it wants at any time with no user-interaction required what-so-ever using those tokens.
So, to answer your questions:
Is it possible for these users to authenticate with an app which is owned by the administrator in order to make API calls?
If the app is owned by the administrator (e.g. the administrator already connected/signed up for the app) then you are already authenticated, and being authenticated has nothing at all to do with any individual user.
In our testing, when a non-administrator tries to connect via OAuth, they get the following error:
This is the connection process - it is a one-time process to get the OAuth credentials, after which you have can do whatever you want with the API, regardless of what users exist or even if anyone is logged in or anything else.
Is it not possible to make API calls on behalf of non-administrators?
Again, API calls have nothing to do with user accounts. The administrator makes the initial connection to get the OAuth tokens, and then after that the API can do anything without any interaction or relationship with any user what-so-ever.
Once you have those tokens (again, a one-time process) then you can do whatever you want with the API.
