{ "code": "unauthorized", "description": "Permissions are invalid." } for new API key

Hey awork. Great software you've built there!!

I issued a new API token, but I get

{
  "code": "unauthorized",
  "description": "Permissions are invalid."
}

when I try to use it. The token starts with ey… :wink: The token name briefly showed up in the permission roles (admin), but is now "gone" again. Any idea?

Thanks!
Sebastian

Hi @sd1, thank you!
We have a similar report open right now and I’m looking into it. I’ll let you know once I find out more.

1 Like

@sd1 I identified and solved the issue. You will need to delete and recreate the API key, but then it should work. Let me know if you still have issues. Thanks and sorry for the inconvenience.

Hi @Sebastian

I cannot confirm this is working. I’ve created a new key and tried it in Postman (with the /me query).

The result is still 401 Unauthorized.

Another unusual observation is that the result message changes while reloading:

{
  "code": "unauthorized"
}

{
  "code": "unauthorized",
  "description": "Permissions are invalid."
}

Sebastian (;–)

What I meant by deleting is clicking on the Delete button here and creating a new API key. Did you do that? That worked for me.

What do you mean by changes while reloading?

See this loom: awork • Dashboard - 4 September 2024 | Loom

(I’ve deleted the key after the recording for security reasons)

Afterwards I tried to set up a new test for you to share the varying API responses. The API key then works. What was different from my first attempt was that, as you can see in the loom recording, the API key was already issued. On my second attempt I issued the key with the plus button.

Summary: I think I found the buggy behavior. Once you issue a key with the + button, the key works. The one that got automatically issued while adding the Client does not work.

When you create a new client, there is no API key created automatically. What you see in the first window is the client secret for the OAuth 2.0 flow. Only when you then go to API keys and create a new key do you have an actual access token for the API. I hope that helps.

… watch my loom at 01:05 (API key issued/present without my intervention)

I think I found out what is happening. You are reusing the same client id in your tests, and the previous API keys (or rather the user information behind them that is displayed in the UI) are then re-associated with the new client. We likely don’t delete them as they contain the information shown in the activity logs. I’ll check what the correct behavior here is. If you create a client using a new name this should not happen.

1 Like

Good find ;) Happy evening!

1 Like