XF 2.1 All scopes API key not allowed to get all users or update user

GreatSpoon

New member
Hello,

I created an API key with the key type set as "Super user key" and the "All scopes" option checked for Allowed scopes.

When I try to get all users on my forum or update a specific user I get the following sent back in my curl request:

code => do_not_have_permission
message => You do not have permission to view this page or perform this action.

Any help would be greatly appreciated.

Thanks[/code]
 

slw

Member
I had the same issue.

I tried adding header "XF-Api-User: admin" because documentation says the api defaults to guest user. But this did not help either.

Then I tried sending "api_bypass_permissions=1" request parameter and then I got the expected response. Seems wrong to have to pass this parameter when using "XF-Api-User: admin" where my 'admin' user is a 'Super administrator' who is supposed to have full permissions.
 

crondoc

New member
I had the same issue.

I tried adding header "XF-Api-User: admin" because documentation says the api defaults to guest user. But this did not help either.

Then I tried sending "api_bypass_permissions=1" request parameter and then I got the expected response. Seems wrong to have to pass this parameter when using "XF-Api-User: admin" where my 'admin' user is a 'Super administrator' who is supposed to have full permissions.
Thanks. This sorted it for me, albeit I'd like to not have to do it this way.
 
Top