Using the Data API for Analytics

We’ve been trying to utilize Epicenter’s data features to capture simple analytics from the interface. Essentially the following:

  • Save an (anonymous) user’s choices as a structured JSON
  • Read all of these records as an admin

Storing and retrieving the data works like a charm, however, we could only make it so that every user in the system can retrieve (and even delete) everybody else’s data. It’s obviously not desired, so the question is whether there’s a way to:

  • Allow creating new records for everyone (without logging in, or automatically generating users under the hood)
  • …but only allow accessing the records for an admin user with a specific password?

Forio supports anonymous reading/writing to the data api. It also supports specified data scopes

  • group - all users in a group can read/write any data
  • user - user can read/write their own data
  • fac_group - facilitator can read/write data in a group

Unfortunately, you can’t have anonymous users write to the data api and only a facilitator (or admin) read it.

If you have the user log in, you can have the user write with user scope (ordinary users can read/write only their own data). Facilitators can always read/write any data. So the user could write and the facilitator could read.

Would that work?