I created an iCloud user [email protected] then I shared specific records with that user.
What I want to do is have a web site use that user to access only the shared records it can access but without having him authenticate through iCloud with Apple. The reason why is that I want to control what the web site can do and what it can access without asking a user to login/sign up with Apple iCloud and I don't want each user visiting the web site to have to log on to Apple ID. I thought this might be possible with CloudKit JS using web services but it seems that the server-to-server key only gets access to the public database.
I'm not too fluent in JS and I'm trying to get the web developer to access my records.
The subject does not seem to be very popular and not much information exists out there. Please don't just say "NO IT'S NOT POSSIBLE". Give me a bit of info.
You are correct that getting CloudKit data via the server-to-server key or a JS API token can only get you access to the public database. User authentication is required for getting anything in a private or shared database.
This is sensible because your application wouldn't know which private database to query if it didn't have a CloudKit user as a reference. It would also be less secure if an anonymous user (even if it's your application) could query private user data.
As a workaround, you could have the iOS/macOS app push certain parts of the users' data that you want available on the web into your public database. You could make a record type in your public database of something like Web and create fields for all the data that you need. This shared data would then be available, but everything would be available to anyone. The user would still have to identify themselves in your web app to get certain data (which could be done if you had a userId field in your Web record type).
Hopefully that makes sense. Let me know if you have follow-up questions.
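An added example, not part of the original answer: a Node.js sketch of the web backend building a server-to-server signed query against the public database for the Web record type, filtered on userId. The container name, key ID and user ID are placeholders, and the header names and signed-message layout follow Apple's CloudKit Web Services server-to-server scheme as an assumption to check against the current documentation.

```javascript
const crypto = require("node:crypto");

// Placeholders, not real identifiers.
const CONTAINER = "iCloud.com.example.app";
const ENVIRONMENT = "development";
const SUBPATH = `/database/1/${CONTAINER}/${ENVIRONMENT}/public/records/query`;

// Query body: only "Web" records whose userId matches the user the web
// site has already identified in its own session (never a raw URL parameter).
function buildWebQuery(userId) {
  if (typeof userId !== "string" || userId.length === 0) {
    throw new TypeError("userId must be a non-empty string"); // refuse unfiltered queries
  }
  return JSON.stringify({
    query: {
      recordType: "Web",
      filterBy: [
        { fieldName: "userId", comparator: "EQUALS", fieldValue: { value: userId } },
      ],
    },
  });
}

// Signed message: "<ISO8601 date>:<base64 SHA-256 of body>:<URL subpath>",
// signed with ECDSA/SHA-256 using the server-to-server private key.
function signRequest(privateKey, keyId, subpath, body, now = new Date()) {
  const date = now.toISOString().replace(/\.\d{3}Z$/, "Z"); // drop milliseconds
  const bodyHash = crypto.createHash("sha256").update(body, "utf8").digest("base64");
  const message = `${date}:${bodyHash}:${subpath}`;
  const signature = crypto.sign("sha256", Buffer.from(message, "utf8"), privateKey);
  return {
    message,
    headers: {
      "X-Apple-CloudKit-Request-KeyID": keyId,
      "X-Apple-CloudKit-Request-ISO8601Date": date,
      "X-Apple-CloudKit-Request-SignatureV1": signature.toString("base64"),
    },
  };
}

// Offline demo with a throwaway P-256 key generated here (constructed input).
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const body = buildWebQuery("site-user-42");
  const signed = signRequest(privateKey, "KEY_ID_PLACEHOLDER", SUBPATH, body,
    new Date("2024-01-01T00:00:00.000Z"));
  const sig = Buffer.from(signed.headers["X-Apple-CloudKit-Request-SignatureV1"], "base64");
  const ok = crypto.verify("sha256", Buffer.from(signed.message, "utf8"), publicKey, sig);
  return { body, signed, ok };
}
```

The private key stays on the server and never reaches the browser. The userId filter only narrows what this backend returns; as the answer says, records in the public database remain readable by anyone.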