XF 2.1 All scopes API key not allowed to get all users or update user

[GreatSpoon]

Hello,

I created an API key with the key type set as "Super user key" and the "All scopes" option checked for Allowed scopes.

When I try to get all users on my forum or update a specific user I get the following sent back in my curl request:

code => do_not_have_permission
message => You do not have permission to view this page or perform this action.

Any help would be greatly appreciated.

Thanks[/code]

 

[slw]

I had the same issue.

I tried adding header "XF-Api-User: admin" because documentation says the api defaults to guest user. But this did not help either.

Then I tried sending "api_bypass_permissions=1" request parameter and then I got the expected response. Seems wrong to have to pass this parameter when using "XF-Api-User: admin" where my 'admin' user is a 'Super administrator' who is supposed to have full permissions.

 

[Michael Murguia]

@Brogan ? Help?

Same issue here.

 

[crondoc]

I had the same issue.

I tried adding header "XF-Api-User: admin" because documentation says the api defaults to guest user. But this did not help either.

Then I tried sending "api_bypass_permissions=1" request parameter and then I got the expected response. Seems wrong to have to pass this parameter when using "XF-Api-User: admin" where my 'admin' user is a 'Super administrator' who is supposed to have full permissions.

Thanks. This sorted it for me, albeit I'd like to not have to do it this way.

 

[kolakube]

I tried adding header "XF-Api-User: admin" because documentation says the api defaults to guest user. But this did not help either.

You need to pass the user ID to XF-Api-User for super keys to work, not the username. @crondoc

 

[crondoc]

Thanks @kolakube that works.