Question
Can I disable the API for my users? How are the permissions applied through the API token?
Answer
It is not possible to disable API access. Any user who has access to Tempo can generate an API token and use the available endpoints.
However, the permissions enforced through the API are the same as those defined in Jira and Tempo. This means a user can only perform actions via the API that they are already authorized to perform through the UI.