XF 2.2 do_not_have_permission error when requesting to modify a post

C

canina

Active member
I implement the code below for thread change. The API key is Super user and with full permissions but I get a do_not_have_permission error
Code: 
// Set the API endpoint URL
$endpoint = 'http://112.45.67.890/api/threads/1';

// Set the API key and API secret


// Set the request parameters
$params = array(
    'title' => 'This is a test comment',
    'prefix_id' => 1,
    'discussion_open' => 1,
    'sticky' => 1,
    'username' => 'admin',
    'tags' => 'test',
    'message' => 'This is a test comment',
    'user_id' =>  1,
);

$apiKey = '*************************';

$headers = array(
    'Content-Type: application/x-www-form-urlencoded',
    'XF-Api-Key: ' . $apiKey,

);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);


echo ($response);
Thanks for any help
 
Sort by date Sort by votes
The developer docs go into a little detail on that:

If the API key selected is a super user key, you may pass the user ID of the context user via the XF-Api-User header. If no user ID is passed, the context will default to a guest.
Click to expand...

Basically, your API key can access any scope of the API, but it has the permissions of a guest user when executing those API requests. You can pass a XF-Api-User in the header with a user ID of an account with the permissions you need (I think it's also needed if you're doing post commands, so the correct user is associated as the author), or you can bypass the permissions with a parameter api_bypass_permissions set to 1 in your request body, to perform the action you need.

Generally, for API keys meant exclusively for deleting content, I'll usually just create the key and link it to a super administrator user instead, then set the scope accordingly. I generally try to avoid using a super user key by default - so far I haven't really needed one.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

FoxSecrets
XF 2.2 How to modify a template for a specific style
Replies
6
Views
482
Jeremy P
Jeremy P
C
  • Question Question
XF 2.2 Help with rest api
Replies
0
Views
689
canina
C
BubbaLovesCheese
XF 2 [PAID] Need someone to fix a PHP script that imports Avatars through XF API
Replies
0
Views
877
BubbaLovesCheese
BubbaLovesCheese
asprin
  • Question Question
XF 2.1 Trying to create a post from an external application via REST API is timing out
Replies
1
Views
1K
Dannymh
Dannymh
DragonByte Tech
As designed \XF\Db\Schema\Alter :: changeColumn produces invalid SQL when attempting to modify a column from INT to BLOB
Replies
2
Views
746
DragonByte Tech
DragonByte Tech
Back
Top Bottom