Some REST API calls stopped working after Roles and Permissions were enabled
Wednesday, January 18, 2023 at 11:42am
Good day,
I am using Postman and have a few routines using the (CA) Sandbox API key and query layouts by email ID, which was working.
I have another routine where I can delete the layout based on the ID copied from the routine described in the previous line.
After Roles & Permissions were enabled in the Sandbox (CA) environment, these routines stopped working.
1. When querying layouts for a specific email, a 403 error is in the response. "Access Denied" "Error.forbidden.noPermission"
If the email is removed (ownerEmail param), the response will return layouts specific to the owner account only, so I know the API key and connectivity are working. There is a layout intentionally created using the owner account.
2. If I copy the ID of the owner layout and run the delete routine, I get a 403 error. "Access denied". "Cannot edit or delete the package" "user: xxxxxxxxxx does not have EDIT/DELETE access to the package: layoutid"
user: xxxxxxxx maps to the owner ID.
The layout ID is associated with the owner ID.
Enabling the Roles and Permissions option seems to have affected some of the routines.
Any help is appreciated.
Thanks,
Kerry from the Manitoba Public Insurance account
Reply to: Some REST API calls stopped working after Roles and Permissions were enabled
Wednesday, January 18, 2023 at 03:24pm
Thanks very much for the quick reply. Your time is very appreciated. I will give your answer a try.
Reply to: Some REST API calls stopped working after Roles and Permissions were enabled
Wednesday, January 18, 2023 at 02:41pm
Hi Kerry,
After you enabled the Roles & Permissions feature, you need to follow two steps in order to manage other senders' transactions, templates and layouts:
Step 1: Create an account role with at least “API Access” and “Manage users' transactions, templates, layouts (API)” permissions
Since you are leveraging the APIs, this step can be done via this call:
HTTP Request
POST /api/account/roles
HTTP Headers
Authorization: Basic {your_api_key}
Content-Type: application/json
Accept: application/json
Example Payload
{
    "name": "Super Admin",
    "enabled": true,
    "description": "Customized Role for Regional Manager",
    "permissions": [
        "sender_admin.api_access",
        "transaction.access_other_users_transactions"
    ]
}
You can get the account role ID from the response.
Step 2: Assign this newly created account role to your admin user. The easiest way is to manage sender roles via the UI portal.
If you want to achieve the same goal via the API, use the call below:
HTTP Request
POST /api/account/senders/{senderId}/roles
HTTP Headers
Authorization: Basic {your_api_key}
Content-Type: application/json
Accept: application/json
Example Payload
[ { "id": "account_role_id_from_step1" } ]
Note that besides the account role ID, you also need the sender ID, which can be retrieved by this API:
GET /api/account/senders?search={sender_email}&from=1&to=100
Duo
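The two steps from Duo's answer, chained with the sender lookup into one script. This is an added example, not OneSpan's code or anything from the thread; it assumes a hypothetical base URL, that the role-creation response echoes the new role with an `id` field, and that the sender search returns `{"results": [...]}` with `id` and `email` per sender. The role it creates carries only the two permissions the answer names, and because `search=` may match more than one address, the lookup insists on exactly one exact match before assigning anything.

```python
import json
import urllib.parse
import urllib.request

# Hypothetical base URL; substitute the one for your environment (e.g. the CA sandbox).
BASE_URL = "https://sandbox.example.invalid"
# Only the two permissions the answer names: API access plus managing other
# senders' transactions, templates and layouts. Nothing broader is granted.
ROLE_PERMISSIONS = ["sender_admin.api_access",
                    "transaction.access_other_users_transactions"]

def auth_headers(api_key):
    return {"Authorization": "Basic " + api_key,
            "Content-Type": "application/json", "Accept": "application/json"}

def http_transport(method, url, headers, body):
    """Real transport via urllib; a 403 surfaces as urllib.error.HTTPError."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def grant_layout_management(api_key, sender_email, send=http_transport, base_url=BASE_URL):
    """Step 1 (create role), sender lookup, Step 2 (assign role). Returns both ids."""
    h = auth_headers(api_key)
    role = send("POST", f"{base_url}/api/account/roles", h,
                {"name": "API Layout Manager", "enabled": True, "permissions": ROLE_PERMISSIONS})
    role_id = role["id"]  # assumed: the created role is echoed back with an "id"
    query = urllib.parse.urlencode({"search": sender_email, "from": 1, "to": 100})
    page = send("GET", f"{base_url}/api/account/senders?{query}", h, None)
    # search= is treated as a substring match, so insist on one exact hit (assumed shape: results[].email)
    hits = [s for s in page.get("results", []) if s.get("email", "").lower() == sender_email.lower()]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one sender for {sender_email}, found {len(hits)}")
    sender_id = hits[0]["id"]
    send("POST", f"{base_url}/api/account/senders/{sender_id}/roles", h, [{"id": role_id}])
    return {"role_id": role_id, "sender_id": sender_id}

class FakeServer:
    """Constructed stand-in for the API so the flow runs offline; records each call."""
    def __init__(self):
        self.calls = []
    def send(self, method, url, headers, body):
        self.calls.append((method, url.replace(BASE_URL, ""), body))
        if url.endswith("/api/account/roles"):
            return {"id": "role-123", "name": body["name"]}
        if "/api/account/senders?" in url:
            return {"results": [{"id": "snd-1", "email": "kerry@example.invalid"},
                                {"id": "snd-2", "email": "akerry@example.invalid"}]}
        return []
```

Swap `FakeServer().send` for the default `http_transport` to run it against a real environment; a 403 on the first call means the key you are using does not itself have permission to create roles.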