mikcanf | Posts: 71

retrieving Sender via email adderess ( works ) vs Sender ID ( fails )

0 votes

After doing some 11.39 SANDBOX testing; seems retrieving Sender via Email works but retrieving Sender via Sender ID does not.

{{TheHost}}/api/account/senders/1iVOFpzqGzoF
{
    "messageKey": "error.forbidden.viewSender",
    "message": "You do not have the necessary permission to view this sender.",
    "code": 403,
    "name": "Access Denied"
}

I shouldn't have security issue as I'm owner of Account.  Any idea's?


mikcanf | Posts: 71

Reply to: retrieving Sender via email adderess ( works ) vs Sender ID ( fails )

0 votes

FYI testing via POSTMAN application . . .


Duo_Liang | Posts: 3776

Reply to: retrieving Sender via email adderess ( works ) vs Sender ID ( fails )

0 votes

Hi Mike,

 

It looks like an insufficient permission error to me - if I used a Regular sender's API Key or API Token and query these two endpoints:
GET /api/account/senders?from=1&to=1&search={sender_email}

GET /api/account/senders/{senderId}

The first call returned success, and the second call hit the same 403 error.

So firstly, could you kindly check if you are using the correct API Key/Token? There's an easy way to test whom this API Key/Token belongs to:

GET /api/session

and search in the response: "user" > "email"

 

Duo


mikcanf | Posts: 71

Reply to: retrieving Sender via email adderess ( works ) vs Sender ID ( fails )

0 votes

Hi Duo, if I use APIkey value in header and retrieve session object ( {{TheHost}}/api/session ) it seems to show below.  Should this not be my email address???

 


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Mike,

 

That's an interesting finding! 

#1 Could you log onto your sender portal, choose the "API Access" from the "Admin" dropdown and double check your API Key against the one you input in Postman?

#2 session owner should be the API Key holder, so either the Postman is using the wrong API Key, or at the same time, I am investigating if the delegation feature could affect the session owner.

 

Duo 


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off