Hello, I’m trying to better understand how much access an authenticated user has to their metadata. There’s conflicting documentation on it. On the User Details page in the Management console it calls user_metadata " Data that the user has read/write access to (e.g. color_preference, blog_url, e…

Hello @mike.benza welcome to the community! [image] mike.benza: Do I need to worry about the user editing their user_metadata if I don’t “build a form using the Management API?” How would the user even get a management API token? They can obviously see their access token once you give it to the…

How can a user access their user_metadata (read/write)

Help

tyf August 25, 2023, 11:52pm 3

Hello @mike.benza welcome to the community!

It is possible to obtain a limited Management API token client side. If the access token is scoped properly (read only) then you shouldn’t need to worry about a user editing metadata, but it is still generally recommended to handle this server side.

The following FAQ outlines this exact scenario:

Hope this helps!