Record permission with get records api

I have set up the app so that I can only see my own records by allowing only "create by" permission in the record list.
One problem is that there is a javascript code that gets the entire list through the get records API, but the result only shows my own records.

  1. Permission to allow my own records.
  2. Retrieve all records through the API.
    Is there a way to do this?

Hello @H_Nar

If you're trying to retrieve all records created by the logged-in user, you should use the query string. The script would look something like this:

(function() {
    'use strict';

    // Function to fetch records created by the logged-in user
    function fetchRecordsCreatedByUser(appId, userCode) {
        // Construct the query to fetch records where the creator is the logged-in user
        const query = `CreatedBy in ("${userCode}")`; // Replace CreatedBy with your actual Created By field code
        const params = {
            app: appId,
            query: query,
            fields: ['CreatedBy', 'Text'] // Replace with your actual field codes

        // Make the API call to fetch records
        return kintone.api(kintone.api.url('/k/v1/records.json', true), 'GET', params)
            .then(response => {
                return response.records;
            .catch(error => {
                console.error('API call failed:', error);
                throw error;

    // Execute the function when running the script in the console
    const appId =;
    const userCode = kintone.getLoginUser().code;

    fetchRecordsCreatedByUser(appId, userCode).then(records => {
        console.log('Records created by the logged-in user:', records);


Hello @H_Nar

After re-reading your message several times, I realize I may have misunderstood your initial concern and did not provide an appropriate answer.

My current understanding is that you have an app with permissions set up so that you can only see records you created yourself. Your problem is that the Get Records API only allows you to obtain records you have permission to access, but you would like to retrieve all records regardless of the permissions. Please correct me if I am wrong.

If this is the case, using API tokens would be a solution to retrieve all records regardless of the permissions. However, please note that if you use the API token in the same app, the token can be visible via the console. This means that users who try to obtain the token can see all data, even if they do not have the appropriate permissions. Therefore, it would be best to place the script in another app and set permissions on that app so that only certain users can access it.

Hello, @Chris
Your understanding is correct.
Thank you for your advice.