You need to sign in to do that
Don't have an account?
Inserting and modifying clients' data as a connected app?
If I have an application which needs to update data in a user's org through the REST API, and I need to be able to update data for any user within that org using my application, what is the most ideal way to do this?
Currently I have a custom permission set which grants modify all permissions to my app's objects, which users must be granted in order to use the application. Then I retrieve the user's access token through OAuth and use that user's OAuth token to update data through the REST API for every user.
I feel like this is a security issue since every user now has the ability to see every other user's records (only for my application's objects) and I'm wondering if there is a better way. Is there a way to edit an org's data thruogh the REST API without having an OAuth token from a user within the org? Is there some way I can do this with just my connected app?