Giving Developers Access
What Credentials should I provide Developers?
A Developer may request a ClientID and Client Secret. These are stored in the database and can be found in the Administration > API Clients. You may want to create an API Client specifically for your application. The permissions you grant will depend on the application and are determined by the User specified in the API Client record.
Developers will need a User login in order to access the Swagger Interface, since the tool requires authentication. This is a tremendous boost to productivity because queries to the REST api can be prototyped and tested here without coding. In order to query system lookup tables, a Developer should have the Setup Admin field set to True in the User record.
In either case, the User should be granted Permissions for the Pages which will support the application being developed. It is often necessary to have access to related Pages, so you may opt to be generous when granting permissions in general, but remove those permissions for sensitive records which are known to not be necessary to the application.
You maybe also want to give his User record a Security Role with API Procedure permissions since these are used by the api.