Viewer Only permission is a fundamental platform feature introduced by Egnyte. If it is enabled on a given domain, it is also visible in Egnyte’s Public API, which partners use in their Egnyte integrations.
This FAQ is intended for partners maintaining existing or developing new third-party integrations with Egnyte. Read more about Viewer Only permission in general here.
Why Should I Approve or Re-Test My Egnyte Integration?
By approving the compatibility of their integrations, partners enable their own and Egnyte’s customers to benefit from the latest functionality provided by Egnyte.
What Changes Did Egnyte Introduce to the Public API?
Egnyte’s Public API consists of more than 20 endpoints falling into the following categories:
- File/Folder endpoints: Folders for which the API user has Viewer Only permissions continue to be visible on these endpoints, and the user can navigate through the entire folder tree; however, files will not be shown in the endpoint responses. Copy and move operations containing subfolders with Viewer Only permissions are entirely blocked.
- Permission endpoints: Viewer Only permissions are fully visible to API users having sufficient permissions to view or manage permissions.
- Audit endpoints: Viewer Only permissions are fully visible to API users having sufficient permissions to view or manage permissions.
- Streaming / Event endpoints: Viewer Only permissions are fully visible to API users having sufficient permissions to retrieve events.
- Webhooks: Viewer Only permissions are fully visible to webhook users.
Is Testing Always Needed?
Egnyte cannot advise whether full testing is required for your integration or whether a static code analysis is sufficient to approve its compatibility. Partners should review their code and integration against the documentation provided by Egnyte to decide on the required testing scope.
Do I Need to Test For All of Egnyte’s API Endpoints?
Use cases that use only the following endpoints can safely be excluded from testing for Viewer Only permission:
- User management API (/pubapi/v2/users)
- Group Management API (/pubapi/v2/groups)
- Trash Management API (/pubapi/v1/fs/trash)
- Embed UI API (/pubapi/v2/navigate)
- Project Folders API (/pubapi/v1/project-folders)
- Bookmarks API (/pubapi/v1/bookmarks)
For an overview of all endpoints, refer to the Egnyte for Developer API Documentation.
Which Test Cases Should Be Tested?
The particular test cases and acceptance criteria depend on the use case of your integration and cannot be generally stated by Egnyte. However, the following scenarios may help partners identify test scenarios:
- Ensure permission responses containing Viewer Only permission are correctly handled and understood by your integration, including proper exception handling
- Follow security best practices in line with the latest OWASP recommendations
- Prevent permission elevation scenarios when assigning permissions through your integration
- Align the user experience, bearing in mind that in the Egnyte WebUI files with Viewer Only permission are visible, listed and available for preview, but are not shown in the Public API
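One way an integration can cover the first and third scenarios above is shown below as an added example; it is not Egnyte's code. Every permission label, their ordering, and the rule that a user may not grant more than they hold are assumptions made for the example, so take the real values from Egnyte's API documentation.

```python
"""Fail-closed handling of permission levels in an integration (added example)."""

# All labels below are placeholders assumed for this example; take the real
# values from Egnyte's Public API documentation.
VIEWER_ONLY = "ViewerOnly-PLACEHOLDER"
# Assumed ordering, weakest first. Viewer Only sits below Viewer because
# files under it are not returned by the File/Folder endpoints.
ORDER = ["None", VIEWER_ONLY, "Viewer", "Editor", "Full", "Owner"]
RANK = {label: i for i, label in enumerate(ORDER)}


class UnknownPermission(ValueError):
    """Raised instead of guessing when a label is not recognised."""


def rank(label):
    """Return the position of a label in ORDER, or fail closed."""
    try:
        return RANK[label]
    except KeyError:
        raise UnknownPermission(f"unrecognised permission label: {label!r}") from None


def expect_files_in_listing(label):
    """Whether the integration should expect files in a folder listing."""
    return rank(label) >= RANK["Viewer"]


def map_to_target(label, target_supported):
    """Map a source level to the strongest supported level that is not higher.

    Rounds down, never up, so a level the target system lacks (such as
    Viewer Only) cannot turn into a broader grant.
    """
    source = rank(label)
    candidates = [t for t in target_supported if rank(t) <= source]
    return max(candidates, key=rank) if candidates else "None"


def check_assignment(actor_label, requested_label):
    """Reject a grant that exceeds what the acting user holds (assumed policy)."""
    if rank(requested_label) > rank(actor_label):
        raise PermissionError(f"{actor_label!r} may not grant {requested_label!r}")
    return requested_label
```

The failure this guards against is a lookup with a default, where an unrecognised label silently becomes a broader level in the system being synchronised.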
Which Additional Help Does Egnyte Offer to Test or Approve My Application to Work with Viewer Only Permission?
Egnyte provides test domains and documentation about the changes introduced, and offers support for issues found during your testing.
Test domains can be created by using the trial sign-up on the Egnyte website and then raising a support ticket to activate Viewer Only permission on that domain.
I Have Tested My Integration and Approve That It Is Compatible - What Should I Do?
Reach out to Egnyte Support and confirm that your integration works with Viewer Only permission.