After obtaining a 3-legged token I can retrieve hubs, projects, checklists, issues, and other related project data, but when I query the endpoints listed below using the same token I get back a 403 status accompanied with the following error:
*"developerMessage": "Token does not have the privilege for this request.",
"moreInfo": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/",
"errorCode": "AUTH-010"*
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/companies-GET/
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/admin-v1-projects-projectId-users-GET/
Could you please give me some insights here?
Thanks,
Henrique Alexandre
You'll need a 2-legged token for the Get companies endpoint.
About Get Project users, please check the scopes of your token.
The successful endpoints (retrieve hubs, projects, checklists, and issues) require data:read scope, while Get Project users require account:read scope.
Related
I was able to retrieve Project Users of a project in BIM 360 using Forge API about a month back, using API as GET - https://developer.api.autodesk.com/bim360/admin/v1/projects/:projectId/users.
Since the last month, I am not able to fetch the users and receiving 403 responses. I have tried with the two-legged and three-legged token, as well as appending the header of the region in request, but still not getting the response.
API Link: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/admin-v1-projects-projectId-users-GET/
Please assist me, if anyone is aware of any changes made in the API.
I tried this request and I got this 403 response.
{
"developerMessage": "Token does not have the privilege for this request.",
"moreInfo":"https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/",
"errorCode": "AUTH-010"
}
As we can read, I was missing account:read in the scope. Can you check that or give us the developerMessage you receive ?
We are occasionally seeing an issue with some projects where, when we try to do a GetPublishJob on a BIM360 model, we get back a 403 error, like this:
{"jsonapi":{"version":"1.0"},"errors":[{"id":"ad23cbc6-dc82-4dfd-83f9-6acd14bac6d2","status":"403","code":"C4R","detail":"Failed to get publish model job"}]}
In the docs, it says it could be whitelisting or permissions. We know our app is whitelisted, because we would not have made it this far if it wasn't. We're using 3-legged OAuth, and we believe that the user is able to manually perform the Publish. Can you tell us what specific other permissions might need to be investigated?
I am not typing answer, while I want to check some information with you:
if what you are using is this endpoint, it is public, so it does not need whitelisted. https://forge.autodesk.com/en/docs/data/v2/reference/http/GetPublishModelJob/ .
Since you are using 3 legged token, I doubt it may due to the expired token, while normally it should be 401 error.
With the same token, can your code perform Publish Model?
https://forge.autodesk.com/en/docs/data/v2/reference/http/PublishModel/
was this workflow working well in the past? or just failed recently?
To use this endpoint, the logged user (for 3 legged token) should have access with the folder.
I'm trying to pubhlish a project using this guide - https://forge.autodesk.com/en/docs/data/v2/tutorials/publish-model/
I am able to get the docs hub ID for the expected hub (using 3 legged token, after having Autodesk provision the b360 docs account, and setting up integration w/ forge app), and pass this into the call to get the projects (using same token, or new token) using this guide - https://forge.autodesk.com/en/docs/data/v2/reference/http/hubs-hub_id-projects-GET/
I get back a response 404 error using the hub ID provided in the GET hubs call that starts with b.xxx from the GET hubs
{
"developerMessage": "The requested resource does not exist.",
"moreInfo": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/",
"errorCode": ""
}
I've tried this with a. as well, instead of b. and also no prefix on hub ID with no luck. I verified that this Id matches what is shown in the account admin settings online as well.
The get request looks like this, and includes authorization token in format Bearer {{token}} where {{token}} is the (same) variable for the token that works when getting hub ID's.
https://developer.api.autodesk.com/project/v1/hubs/b.e3a26052-6b48-4a03-9115-xxxxxxxxxxx/projects
Is my format incorrect, or is there something else going on?
The request looks ok, incl. the hub ID (the b. prefix must be there). One thing to check for is whether the actual user you're using to obtain the 3-legged token has access to any projects inside this hub.
Also, what happens when you try the GET hubs/:hub_id endpoint? Can you see the hub information or do you get 404 as well?
I have tried the endpoints to get projects and users with a three legged token, and in both cases I get a 403 with a response body that looks like:
{
"code": 1003,
"message": "Only support 2 legged access token."
}
This seems unequivocal, but doesn't seem to be consistent with the API documentation. Is access really only available using a 2 legged token or have I missed something?
Just to be clear, the endpoints I'm playing with are:
GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/projects
and
GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/users
The documentation states "Must be Bearer , where is obtained via OAuth", but there is no mention that only two legged authentication tokens are supported.
Yes, they are BIM360 HQ APIs (well known as Account Admin APIs), part of BIM360 API as I mentioned in the comment above.
Unfortunately, Account Admin APIs only allow access with 2 legged access token now. In contrast, other APIs like Issues, RFIs, and Checklists support 3 legged access token and 3 legged access token with the uid.
Note:
Keyword user context required in the Authentication Context of the documentation means that it requires acting with a 3-legged OAuth token or a 2-legged OAuth token with user impersonation.
Keyword app only means that it supports 2-legged OAuth token only.
I'm trying to create a bucket with the POST buckets endpoint. However, I cannot seem to do this: When attempting to do so with a Three-legged token, I receive the error:
"Only 2 legged service tokens are allowed to access this api."
But when I use a two-legged token (with the same scopes):
"Token does not have the privilege for this request."
What am I doing wrong? I'm using NodeJS with the Request library.
You might want to check your Token have the correct scopes in this case you need bucket:create as part of your token scopes.
More about it here. https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/scopes/