Hook
Running Domo API calls as the authenticated user is fine — until you need admin-level access to pull all cards, all datasets, or anything else that requires elevated permissions without handing out admin credentials.
Why It Matters
Every other place in Domo where you can access account objects, you can also print the password in cleartext if you know what you're doing. CodeEngine breaks that pattern. It lets you impersonate an admin user — effectively running with sudo — without ever exposing the underlying credentials to the function caller. This matters because it opens up a class of automation that previously required either giving users admin access or hardcoding sensitive credentials directly into scripts.
What You'll Learn
- Understand why CodeEngine's account model is fundamentally different from other Domo credential patterns
- Build a
get_accountfunction that retrieves typed account objects by name - Implement user impersonation in CodeEngine Python functions using
domolibrary - Structure your CodeEngine functions with explicit input/output types for reliability
- Use a shared account to pass elevated credentials without exposing the underlying secret
Scaffolding Admin Impersonation in CodeEngine
The foundation of this pattern is a get_account function that wraps CodeEngine's native doget_account. You pass it an account name as a string, and it returns a dictionary — the credentials object you'll use for subsequent API calls. The key design decision here is typing: the input is text, the output is object. Being explicit about types in CodeEngine function signatures prevents silent failures when data gets passed between functions.
The impersonation model works like this: you create a shared account (in the video, called "pseudo demo") and share it with your CodeEngine package. When a function calls get_account with that account name, it retrieves the credentials for that shared account — not the credentials of whoever triggered the function. The caller never sees the underlying secret; they just get the authenticated result.
This is the sudo pattern for Domo. A user running a custom app calls your CodeEngine function, which internally fetches the admin account object and uses those credentials for the actual API call. The user gets admin-scoped data without admin access, and the credentials never leave the server-side execution context.
The baseline scaffolding comes from domolibrary (installable via pip install domolibrary), with the core patterns adapted into a reusable _base.py module. The full code sample is linked in the description — the intent is that you copy this as a starting point rather than rebuilding the account-fetching and impersonation wiring from scratch every time you start a new CodeEngine package.
