API key that is not associated to a user and only has permission to use the AddFeedback API call - Mendix Forum

API key that is not associated to a user and only has permission to use the AddFeedback API call


In our Mendix application we would like users to be able to submit feedback to the development team using a feedback feature in the application. We do not wish to use the Feedback & Collaboration Widget. We previously used the Feedback & Collaboration Widget, but this was distracting to users when it was configured to show on all pages. The screenshot feature of the widget was disabled for data confidentiality reasons and the context-sensitive Feedback Mode was confusing to users.

We are developing a custom feedback feature that uses the Mendix Feedback API to submit feedback, with a Mendix API key stored in a constant. The standard option in the Mendix Platform to create an API key seems to be intended for automation or third-party tools on a developer workstation, and any API key generated would be associated with a specific developer's Mendix Platform user and have permission to use any API call that the developer has permission to use. This is not acceptable for 2 reasons:

- The feedback feature would stop working if the developer that created the API key leaves the development team
- The API key would be in the mpr file and version control history; anyone who copies the mpr file could use any API call the developer has permission to use, and the log would show that the developer who created the API key requested these actions

I requested a Mendix API key that is not associated to a user and only has permission to use the AddFeedback API call from Mendix Support as a “Non-Standard change”, but Support confirmed that “Currently, there is no functionality available in the Mendix Platform that would restrict a user with a Mendix API key to have access to a specific API” and invited me to use the Mendix Idea Forum.
