Access tokens limitation

Would it be possible to limit access to certain sites in the Matomo system, through access tokens?
I’ve noted that every time I set the token in to a client site, they technically have access to check all of the other sites in my installation with certain specific Token. I don’t seem to find a way to limit such API access through such token.

Hi @SirLouen
I think that you can create a new feature request at:

(check first if such a feature request doesn’t already exist in the backlog…)
As a workaround, you could create a fake user for each site (or group of sites), user that you manage yourself. Give him access to the selected site(s).
Connect as this new fake user, and create the access tocken!

Thanks, good idea, so basically a per-user-site-access right?

it’s a valid concern
so
when you set a token for a client site, they can snoop around all the other sites in ur matomo setup using that token. that’s not good
unfortunately, it seems like matomo doesn’t provide a built-in way to limit api access for a token to only a particular site
it’slike an all-access once they’ve got the token…

Yes, I’ve been able to sort this with the Philippe idea, creating a dummy user for each client and creating the tokens for the sites from there. I think this is fine for me.

2 Likes