We gave access to some third party applications to our Infusionsoft instance. They authenticate via OAuth and as per my understanding they get full access (given that the only value for the OAuth scope supported by Infusionsoft is “full”). So my first question is about controlling the scope… Is there a way to control what third party applications can access? It seems a bit unsecure to give full read/write access by default to any apps that are authorised to access our Infusionsoft instance.
On top of that, I’m quite keen to understand what are the current mechanism to monitor API calls made by those applications so that we can track what has been accessed/modified and by whom. Is there anything in place in Infusionsoft to log API interactions (e.g. audit log, event log…)?
Thanks for your answer.