kskibinski

Some REST API calls stopped working after Roles and Permissions were enabled

0 votes

Good day,

I am using Postman and have a few routines that use the (CA) Sandbox API key and query layouts by email ID, which were working.

I have another routine where I can delete the layout based on the ID copied from the routine described in the previous line.

After Roles & Permissions were enabled in the Sandbox (CA) environment, these routines stopped working.

1. When querying layouts for a specific email, a 403 error is in the response. "Access Denied" "Error.forbidden.noPermission"

If the email is removed (ownerEmail parm), the response will return layouts specific to the owner account only, so I know the API key and connectivity are working. There is a layout intentionally created using the owner account.

2. If I copy the ID of the owner layout and run the delete routine, I get a 403 error.  "Acces denied". "Cannot edit or delete the package"   "user:     xxxxxxxxxx does not have EDIT/DELETE access to the package:   layoutid"

user: xxxxxxxx maps to the owner ID

The layout ID is associated with the owner ID.

Enabling the Roles and Permissions option seems to have affected some of the routines.

Any help is appreciated.

Thanks,

Kerry from the Manitoba Public Insurance account

 


Approved Answer

Reply to: Some REST API calls stopped working after Roles and Permissions were enabled

0 votes

Thanks very much for the quick reply. Your time is very much appreciated. I will give your answer a try.


Reply to: Some REST API calls stopped working after Roles and Permissions were enabled

0 votes

Hi Kerry,

 

After you enabled the Roles & Permissions feature, you need to follow two steps in order to manage other senders' transactions, templates and layouts:

Step 1: Create an account role with at least “API Access” and “Manage users' transactions, templates, layouts (API)” permissions

Since you are leveraging the APIs, this step can be done via this call:
 

HTTP Request

POST /api/account/roles

HTTP Headers

Authorization: Basic {your_api_key}

Content-Type: application/json

Accept: application/json

Example Payload

{
  "name": "Super Admin",
  "enabled": true,
  "description": "Customized Role for Regional Manager",
  "permissions": [
    "sender_admin.api_access",
    "transaction.access_other_users_transactions"
  ]
}

You can get the account role ID from the response.

 

Step 2: Assign this newly created account role to your admin user. The easiest way is to manage sender roles via the UI portal.

If you want to achieve the same goal via the API, use the call below:


 

HTTP Request

POST /api/account/senders/{senderId}/roles 

HTTP Headers

Authorization: Basic {your_api_key}

Content-Type: application/json

Accept: application/json

Example Payload

[ { "id": "account_role_id_from_step1" } ]

 

Note that besides the account role ID, you also need the sender ID, which can be retrieved by this API:

GET /api/account/senders?search={sender_email}&from=1&to=100

 

Duo

 

Duo Liang OneSpan Evangelism and Partner Integrations Developer
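The three calls from the answer above, chained into one routine. This is an added example, not code from the thread or from OneSpan. The host `sandbox.example.invalid` is a placeholder, and the response fields it reads (`results`, `id`, `email`) are assumptions about the response shape.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://sandbox.example.invalid"  # placeholder host, not from the thread
ROLE = {  # payload from the answer; only the two permissions it lists
    "name": "Super Admin",
    "enabled": True,
    "description": "Customized Role for Regional Manager",
    "permissions": ["sender_admin.api_access",
                    "transaction.access_other_users_transactions"],
}

def build_request(api_key, method, path, body=None):
    """Build a request carrying the headers shown in the answer."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", "Basic " + api_key)
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req

def send_json(req):
    """Default transport: send the request and decode a JSON body if present."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def grant_role(api_key, sender_email, transport=send_json):
    """Look up the sender, create the role, assign it; return (role_id, sender_id)."""
    # Resolve the sender first so a failed lookup leaves no unused role behind.
    query = urllib.parse.urlencode({"search": sender_email, "from": 1, "to": 100})
    page = transport(build_request(api_key, "GET", "/api/account/senders?" + query))
    # Assumption: the list is under "results" and each sender has "id" and "email".
    # Require an exact email match in case the search returns partial matches.
    hits = [s for s in page.get("results", [])
            if s.get("email", "").lower() == sender_email.lower()]
    if len(hits) != 1:
        raise LookupError(f"expected one sender for {sender_email}, got {len(hits)}")
    sender_id = hits[0]["id"]
    role = transport(build_request(api_key, "POST", "/api/account/roles", ROLE))
    role_id = role["id"]  # assumption: the response carries the new role's "id"
    path = f"/api/account/senders/{urllib.parse.quote(sender_id, safe='')}/roles"
    transport(build_request(api_key, "POST", path, [{"id": role_id}]))
    return role_id, sender_id
```

Pass the API key in from an environment variable or secret store rather than saving it in the script, since the role created here can act on other senders' transactions, templates and layouts.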

