Skip to main content

Part 1: Coda Data Ingestion

Set up a Coda API token so ConfigView can pull your Coda docs and their external-share status into the dashboard.

Step 1: Create a Coda API Token

  1. Go to: https://coda.io/account
  2. Scroll to the API Settings section
  3. Click Generate API token
  4. Name: ConfigView
  5. Click Generate
  6. Copy the token — you will only see it once
The token inherits the permissions of the user that created it. Create it under an account that can see every doc you want ConfigView to audit (typically a workspace admin).

Step 2: Add the Token to ConfigView

  1. Go to your ConfigView dashboard: https://{companyname}.configview.com/admin/secret/
  2. Click Add Secret
  3. Secret name: CODA_API_TOKEN
  4. Secret value: Paste the token from Step 1
  5. Click Save
By default, ConfigView treats the doc owner’s email domain as “internal” and flags any share outside that domain as external. That fallback is fine for single-domain orgs where you always own your own docs, but it misclassifies three real cases:
  • Multi-domain orgs. If your company uses @acme.com and @acme.io, a doc owned by someone at acme.io will flag every acme.com colleague as external.
  • External-owned docs. A contractor creates a doc in your Coda workspace. The fallback treats the contractor’s domain as internal, so your own employees show up as external shares.
  • Personal-email owners. A doc owned from @gmail.com makes everyone else external noise.
Setting CODA_INTERNAL_DOMAINS replaces the per-doc heuristic with one authoritative list applied uniformly.
  1. Go to: https://{companyname}.configview.com/admin/secret/
  2. Click Add Secret
  3. Secret name: CODA_INTERNAL_DOMAINS
  4. Secret value: comma-separated list of your internal domains, e.g. acme.com,acme.io
  5. Click Save

Step 4: Enable the Coda App in ConfigView

  1. Go to: https://{companyname}.configview.com/admin/app/
  2. You should see Coda in the list of available apps
  3. Select the scripts you want to run:
    • Docs — All docs visible to the API token, with owner info and external-share details
  4. Click Save

Step 5: Verify

  1. Go to: https://{companyname}.configview.com/admin/status/
  2. Run the Coda health check
  3. All checks should pass:
    • Secret Manager access
    • Coda API auth
    • /docs endpoint reachable
If a check fails, verify:
  • The CODA_API_TOKEN secret is saved correctly (no extra spaces)
  • The token was generated by an account that can see the docs
  • The token has not been revoked in https://coda.io/account

Data Tables

Once the script runs, the following table is created:
TableKey Columns
coda_docsdoc_id, doc_name, doc_url, owner_email, owner_name, coda_created_at, external_shares (JSON), notes
external_shares is a JSON array of Coda ACL permission objects. Each entry includes the principal (email, domain, or anyone) and the access level (readonly, write, comment, none). Docs whose ACL cannot be read with the current token are still recorded, with notes set to permissions unreadable (HTTP 403) or similar. This usually means the token does not have access to that specific doc. All tables include a run_at column for historical tracking. Rows are upserted on doc_id, so each doc is a single row that updates in place rather than accumulating snapshots.

External-Share Classification

A permission is counted as external when:
Principal typeExternal when
anyoneAlways — this is a public or “anyone with the link” share
emailThe email’s domain is not in your internal-domain set
domainThe domain itself is not in your internal-domain set
The internal-domain set comes from CODA_INTERNAL_DOMAINS if set; otherwise the doc owner’s email domain is used per-doc (see Step 3).

Troubleshooting

IssueFix
Health check fails on “Coda API auth”Verify CODA_API_TOKEN secret is correct; regenerate the token at https://coda.io/account if needed
coda_docs is empty after a runThe token’s account has no docs it can see. Regenerate under a workspace admin account
Many rows with permissions unreadableExpected for docs the token user is not a member of; grant the account access or regenerate the token under a broader account
Own employees showing up as externalSet CODA_INTERNAL_DOMAINS with your full internal domain list (Step 3)
Public shares not flaggedPublic shares appear as principal.type = anyone in the raw payload — verify the permission exists in Coda under Share → Anyone with the link