Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 13 Apr 2020, 19:30
elieseif elieseif is offline
 
Join Date: Apr 2020
no_permission when creating user through mobile API

SOLVED: See posts #4 and #5

The call to api.init generates the required access token, client id, secret, and api version, but the call to user.save is returning an no_permission error.
Using vBCloud 5.6.0

Here's the code snippet to api.init:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

And the call to api.save:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Here's the generate query string for the api.save call (I've replaced the hash strings with XXX):

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Adding api_c to the user.save method call generates in invalid_api_signature. Otherwise, it's a no_permission error. Also tried logging in as administrator before creating a user and still got the no_permission error.

There's very little documentation on the API, any help would be appreciated?
Thanks

Last edited by elieseif; 17 Apr 2020 at 11:32.
Reply With Quote
  #2  
Old 13 Apr 2020, 22:50
shka shka is offline
 
Join Date: Mar 2016
Without login?

Just a guess: api.init, user.login2,api.init (on first page of api docs is written - needed after .login, but after login2?), and then user.save
Reply With Quote
  #3  
Old 13 Apr 2020, 23:11
elieseif elieseif is offline
 
Join Date: Apr 2020
I tried logging in as Administrator after api.init and before api.save, and got both session and cpsession hashes so login was successful, but api.save still gives no_permission.
I also tried calling api.init again after user.login2, no change.

That said, whenever I include api_c in login2 or save method calls, I get "invalid_api_signature". If I remove api_c and keep api_s, api_sig and api_v, I am able to login, but user.save gives the no_permission error.

At this point, I'm out of ideas.
Reply With Quote
  #4  
Old 15 Apr 2020, 14:28
shka shka is offline
 
Join Date: Mar 2016
Yepp, api docs are really bad. Solution is the security token getting by login call.
Following example works in my local xammp dev enviroment. I've used loginSpecificUser but also login2 is possible. After login fetchCurrentUserinfo and get username (to check if correct login) and securitytoken.

After that an example for adding an post and adding a user.

You need to change apikey, urlapibase, userid and password for userid


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Reply With Quote
  #5  
Old 17 Apr 2020, 10:47
elieseif elieseif is offline
 
Join Date: Apr 2020
Many many thanks. I finally got it to work.

But for anyone who comes across this thread, here's what I discovered.
The call to the api works in GET mode, but not HTTP POST.
It only works in POST mode if you provide the full url with the query parameters in the url and not only as CURLOPT_POSTFIELDS

Both my version of the code and yours work when the HTTP call is modified accordingly, so there was need to fetch the admin and the security token after logging in. The sequence is api.init ---> api.login2 ---> api.save

This is clearly a bug in the api!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 08:59.

Layout Options | Width: Wide Color: