Solved

Question about API tokens / permissions

  • 9 December 2022

Hello,

What determines which conversations/messages a user can get through an API endpoint using a Front token they made?

One of our clients provided us with a Front token with the scopes "Shared Resources", "Private Resources", and "Provisioning" enabled, and our plugin would use that token to make API calls on the conversations they select from their inboxes. This client also has a starter plan and works from private inboxes.

Currently, this client is facing an issue where our plugin is unable to read conversations from their private inboxes, and I'm not sure what could be causing that.

When I make a GET request to https://api2.frontapp.com/conversations/cnv_X, I get the following response body:

{
    "_error": {
        "status": 403,
        "title": "Forbidden",
        "message": "This agent is not allowed to read the \"conversation\" with ID: \"X\""
    }
}


Is there anything we could do on our end to fix this issue, or is this primarily caused by our client's Front account?

Best answer by Javier - Developer Relations 9 December 2022, 01:33

To access conversations in a private inbox, the API token must have the Private Resources scope. However, that is not the only requirement.

That request failed because the teammate who owns the conversation has their "Allow access to my individual resources via the API" personal preference disabled. 

This prevents any API token from accessing their resources.

See https://help.front.com/t/80d8nt/api-requests-failing-for-private-resources for full details. The article explains how the teammate can enable the setting, as well as how an admin can enable it for all teammates.

--Jason

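One way an integration could turn this 403 into actionable guidance, following the two conditions given in the answer above. This is an added example, not Front's or the poster's code; the function name and the approach of passing in the scopes the customer reports for the token are assumptions.

```python
import json

# Constructed sample: the 403 body from the question, placeholder ID "X".
SAMPLE_403 = '''{
  "_error": {
    "status": 403,
    "title": "Forbidden",
    "message": "This agent is not allowed to read the \\"conversation\\" with ID: \\"X\\""
  }
}'''


def diagnose_conversation_error(http_status, body_text, granted_scopes):
    """Map a failed conversation read to the checks described in the answer.

    granted_scopes is what the customer reports the token was created with;
    this hypothetical helper does not query Front for it.
    """
    try:
        parsed = json.loads(body_text)
    except ValueError:
        parsed = {}
    err = parsed.get("_error") if isinstance(parsed, dict) else None
    if not isinstance(err, dict):
        err = {}  # non-JSON or unexpected body: fall back to the HTTP status

    status = err.get("status", http_status)
    if status != 403:
        return {"kind": "other", "status": status, "checks": []}

    checks = []
    if "Private Resources" not in granted_scopes:
        checks.append("Token lacks the Private Resources scope.")
    # The scope alone is not sufficient: the conversation owner's personal
    # preference can block every API token, so surface it on any 403.
    checks.append(
        "Ask the conversation owner (or an admin) to enable "
        '"Allow access to my individual resources via the API".'
    )
    return {
        "kind": "forbidden",
        "status": 403,
        "message": err.get("message", ""),
        "checks": checks,
    }
```
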