I need to write a Google script with the doGet() function that edits more cells of a Google sheet. This script is called via https URL. All the members of my Organization Will be able to call this URL and to edit in this way the cells of the sheet. BUT I Need that the sheet itself isn't directly accessible to the members. They can modify the Google sheet ONLY by calling the doGet via https URL.
The question: how can I let the script function) called by the members to edit but also to prevent any editing by hand by the users?
2 methods to achieve this:
1.Share sheet as "view only" and execute script as yourself
First, share a spreadsheet to the whole company with the "Viewer" if you want them to be able to see, but not modify it. If you don't want them to see it at all, just don't share it. Then, in AppsScript, when you deploy doGet() as a web app, you can set "Execute as" to "Me", and "Who has access" to your whole organization. This should be enough.
2. Protect ranges and unprotect them while the script is running
If for some reason you can't execute as yourself, you can protect all of the sheet's ranges by default and use Protection class in AppsScript to unlock certain ranges for other users just for the duration of the running script. Please see the examples in Protection docs.