We are going to integrate our Mattermost server to another systems and we have to read some information about teams, channels and users trough API. What would be the best way to authenticate to API in that kind of use case? It sounds a bit inconvenient if we create a service account with system admin rights when we need only read access to API. Is it possible to create some kind of special account (with read only access) for API of authenticate using apikey or something?
Right now you can only access the API with the permissions of a specific user. I’d suggest creating a bot account that has the role you want (regular user, team admin, system admin, etc.) and then give your integration access to that account through either OAuth2 or by the normal login process. Then, if you are on 3.9+, you can use the APIv4 endpoints, documented here https://api.mattermost.com/v4/, to pull the data you need. If all you need is access to read public channels then a regular user just needs to be on the team and it should have access to read public channel without being in them. All users also have access to read other non-confidential user data as well