Is there any way to use the user token and check the role when receiving an API request in Knack to prevent accessing some protected objects?
var user = Knack.getUserAttributes();
Will return the user information. You'll then see profile_X information in the data that relates to each of your roles.. So you can either map them or do lookups, depending on what you want to do..