Coda
Authentication & Authorization
Credentials
- Coda uses token-based authentication.
- All API requests are authorized via a bearer token in the request headers.
- API Token can be generated in the Coda Settings (see the DataGrail Help Docs).
- Publicly exposing your API credentials can allow unauthorized access to the Coda API endpoints, and your Coda data by a third party. DataGrail stores your API token encrypted and protected.
Permissions
Coda admin privileges are required to generate API token that are used to authenticate (see the DataGrail Help Docs).
Endpoints Utilized
DataGrail uses the following endpoint to validate that credentials are good based on a successful response:
GET https://coda.io/apis/v1/whoami
Version
DataGrail Coda integration currently supports API version 1 (v1).
Limits
The Coda API sets a reasonable limit on the number of requests that can be made per minute. Once this limit is reached, calls to the API will start returning errors with an HTTP status code of 429.
DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Access
For an access request, DataGrail will take the following actions:
- Fetch a list of Coda docs accessible by the connected user
- Select docs owned by the person with the Data Subject email.
- Fetch a list of permissions for this Coda doc.
- Select docs which are shared with the person with the Data Subject email.
- For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
DataGrail also supports the Direct Contact Access workflow for Coda integration.
Endpoints Utilized
GET https://coda.io/apis/v1/docsGET https://coda.io/apis/v1/docs/{doc_id}/acl/permissions
Deletion
For a deletion request, DataGrail will take the following actions:
- Run access flow described above.
- Delete docs owned by the person with the Data Subject email (and selected to delete).
- Delete permissions to all detected (and selected to delete) docs for the person with the Data Subject email.
DataGrail also supports the Direct Contact Deletion workflow for Coda integration.
Endpoints Utilized
DELETE https://coda.io/apis/v1/docs/{doc_id}DELETE https://coda.io/apis/v1/docs/{doc_id}/acl/permissions/{permission_id}
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.