Solved

Question about API tokens / permissions

  • 9 December 2022

Front Developer

Hello,

What determines which conversations/messages a user can get through an API endpoint using a Front token they made?

One of our clients provided us with a Front token with the scopes "Shared Resources", "Private Resources", and "Provisioning" enabled, and our plugin would use that token to make API calls on the conversations they select from their inboxes. This client also has a starter plan and works from private inboxes.

Currently, this client is facing an issue where our plugin is unable to read conversations from their private inboxes, and I'm not sure what could be causing that.

When I make a GET request to https://api2.frontapp.com/conversations/cnv_X, I get the following response body:

{
    "_error": {
        "status": 403,
        "title": "Forbidden",
        "message": "This agent is not allowed to read the \"conversation\" with ID: \"X\""
    }
}


Is there anything we could do on our end to fix this issue, or is this primarily caused by our client's Front account?

Best answer by Javier - Developer Relations

To access conversations in a private inbox, the API token must have the Private Resources scope. However, that is not the only requirement.

That request failed because the teammate who owns the conversation has their "Allow access to my individual resources via the API" personal preference disabled. This prevents any API token from accessing their resources.

See https://help.front.com/t/80d8nt/api-requests-failing-for-private-resources for full details. The article explains how the teammate can enable the setting, as well as how an admin can enable it for all teammates.

 

--Jason
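
An added example, not part of the original thread and not Front's own code: one way a plugin could turn the 403 body quoted in the question into an actionable hint. It assumes the conversation lives in a private inbox and that the caller already knows which scopes the token was created with; the function names and `action` strings are hypothetical.

```javascript
// Constructed sample mirroring the 403 body quoted in the question.
const SAMPLE_403 = JSON.stringify({
  _error: {
    status: 403,
    title: "Forbidden",
    message: 'This agent is not allowed to read the "conversation" with ID: "X"',
  },
});

// Parse the `_error` envelope defensively; fall back to the HTTP status
// when the body is not JSON or lacks the expected fields.
function parseFrontError(httpStatus, bodyText) {
  let err = null;
  try {
    const parsed = JSON.parse(bodyText);
    if (parsed && typeof parsed._error === "object") err = parsed._error;
  } catch (_) {
    // Non-JSON body (proxy error page, empty body): keep err as null.
  }
  const status = Number.isInteger(err?.status) ? err.status : httpStatus;
  const message = typeof err?.message === "string" ? err.message : "";
  // Extract resource type and ID when the message has the quoted form.
  const m = /read the "([^"]+)" with ID: "([^"]+)"/.exec(message);
  return {
    status,
    title: typeof err?.title === "string" ? err.title : "",
    resource: m ? m[1] : null,
    id: m ? m[2] : null,
  };
}

// tokenScopes: scope names as shown when the token was created (caller-supplied).
function diagnose(httpStatus, bodyText, tokenScopes) {
  const e = parseFrontError(httpStatus, bodyText);
  if (e.status !== 403) return { ...e, action: "not-an-authorization-error" };
  if (!tokenScopes.includes("Private Resources")) {
    return { ...e, action: "token-missing-private-resources-scope" };
  }
  // Scope is present: the cause identified in the answer is the owner's
  // "Allow access to my individual resources via the API" preference.
  return { ...e, action: "ask-owner-or-admin-to-enable-api-access-preference" };
}
```

The point the example encodes is that a 403 on a private conversation cannot be fixed by reissuing a token that already has the Private Resources scope; the change has to happen in the client's Front account.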
