Every app on Pitchly has a set of permissions that allow it to perform certain actions, no matter whether the app is made to do work on your own organization or on behalf of another. Requesting only the permissions your app needs is a great way to prevent accidental damage if your app tries to do something unintended, or if your app becomes compromised.
Below is a list of all the possible permissions an app can have in Pitchly. If you are building an app that is installable by other organizations, keep in mind that admins of those organizations will be prompted to accept your requested permissions before installing your app. More permissions could lessen the chances that an organization uses your app.
If none of the above permissions are applied to an app, the app will only be able get basic information about databases (and their fields) in an organization, but not any of their data.
Existing database fields currently can't be changed via the API, but fields can be added via the addFields permission. Apps that add fields using this permission can also edit and delete the fields they've added, and users won't be able to modify the field (but they can its value) through the Pitchly interface. These fields are "owned" by the app as long as the app is installed.
This type of functionality is intended for situations where you want app-specific information to be attached to each record in a database where you allow users to edit its value (like a dropdown). This isn't recommended if you are using the API against your own data.
If you are using the Client API to interact with your own data using Pitchly's API, you can specify the maximum permissions that belong to your Key Set (or App). This allows you to restrict what applications using your App Secret can do in Pitchly.
This can be found in in the top right corner of your Pitchly account in the Organization menu > Company settings > API keys > Create new key set or by editing an existing Key Set.