A Robot is a special super user that allows programmatic access to an entire organizational account. It can create, read, update, and delete any information across all workspaces in the organizational account.
A robot can only be used programmatically. In other words, you cannot log in as a robot. You can only use the APIs.
Robot accounts are immensely powerful. Care must be taken to ensure credentials do not end up in the wrong hands, and that people who are to be trusted with credentials are carefully vetted.
Robots can only be managed by the Owner or Co-Owners of an organizational account.
Administrators cannot manage robots.
Individual robot access can be shared to any member of the account.
If you are the Owner or a Co-Owner of an organizational account you can:
The integration settings page includes a list of your existing robots, informing you of:
Clicking on a row will lead you to individual settings for that specific robot.
Once in the robot management section you can:
A robot will now be instantly created with some default values that you will want to modify.
NEVER send credentials in an email or through any other communication channel.
Use only the sharing functionality discussed here. This allows you to securely share credentials with the intended people, without the possibility of interception by third-parties.
Robots can only be shared with members and administrators of your organizational account.
Go to the settings of a specific robot.
The individual you have shared with gets an email prompting them to sign in to view the robot credentials.
You can always remove a user's access to the robot's credentials by clicking the Remove button in the list of members you have shared with.
Unsharing does not invalidate existing credentials. Unsharing only means that from this point onward the user will not be able to find the credentials after having signed in. For example, if the user has written a script using previously shared robot credentials, that script will still be working even after unsharing them to that user.
The only way to invalidate robot credentials is to delete the robot and instead create a new one.
As an Owner or Co-Owner of the organizational account, you can always find the keys and secrets needed to interact with the APIs.
There are two sets of credentials for each Robot, both of which are also visible to any member that the robot has been shared to.
OAuth1 is still supported by ProjectPlace. But it is no longer the recommended way to use a robot.
Opt for the OAuth2 Client Credentials flow whenever possible.
Deleting a robot immediately invalidates associated credentials. This means that integrations using these credentials will immediately stop working.
Deletion is irreversible.
Don't be overly scared about deleting robot accounts. You can always create a new robot and use those new credentials instead of the old ones. While the credentials are lost forever, whatever integrations you have set up can always be populated with credentials from a new robot.