XF 2.2 API Superuser VS Admin

klamm

klamm

Member
Just curious:
If I create a SuperUser-API-Key, the API will not let me DELETE threads or POST to users ... unless I additionally send XF-Api-user (Administrator) with the headers.
Code: 
"errors": [
        {
            "code": "do_not_have_permission",

Shouldn't the SuperUser-API-Key be enough if it has all the permissions?
If I create a Key based on an Administrator with all rights and use this, no XF-Api-user header is neccessary.
 
This is expected as the super user key lets you control the user you access the API as, but there's always a user behind everything. If you don't tell us one, it'll be a guest and thus, by default, you'll have the same permissions as a guest.

This is covered in the docs, as well as the (optional) method for bypassing permissions when using a super user key:

If the API key selected is a super user key, you may pass the user ID of the context user via the XF-Api-User header. If no user ID is passed, the context will default to a guest.

If the request is made with a super user key and you wish to bypass the context user's permissions, this may be done on a per-request basis by setting the api_bypass_permissions parameter to 1. (This can be passed via a query string or as part of the request body.)
Click to expand...
 
You must log in or register to reply here.

Similar threads

I
  • Question Question
XF 2.2 XF API Deletion Issues w/ Attachments
Replies
7
Views
43
IbrahimIMC
I
Kilt
When should I be member vs. super mod vs. admin?
Replies
2
Views
503
Kilt
Kilt
Fullmental
XF 2.2 Using REST API to post a media item, no documentation. Help please?
Replies
4
Views
1K
Schaken
Schaken
Artis
  • Question Question
XF 2.2 Error updating Super admin password update with REST api
Replies
2
Views
907
Artis
Artis
beerForo
  • Question Question
XF 2.1 Search phrases filter for public vs. admin?
Replies
2
Views
303
beerForo
beerForo
Back
Top Bottom