Old wording: The requests are scoped with the user whose API token is used. Only his/her time entries and time entries in a workspace where the user is an admin are updated, retrieved and created.
My team (and myself) read this as The user can only get their own time entries. I'm hoping this wording will make it a little clearer what the user can actually do with their token.
Old wording:
The requests are scoped with the user whose API token is used. Only his/her time entries and time entries in a workspace where the user is an admin are updated, retrieved and created.
My team (and myself) read this as
The user can only get their own time entries
. I'm hoping this wording will make it a little clearer what the user can actually do with their token.