[#48] Admin user does not have permission to get event details by Admin API

system · September 27, 2017, 4:36pm

Migrated from Redmine #48 | Author: Mateusz Przybylek (DIABDIS)
Status: Resolved | Priority: High, I’m very impatient | Created: 2017-09-27

Hello
We started today integration Diabdis - SimplyBook and occurs urgent issue.
We use API to get information about events by admin method getBookingDetails : Company administration service methods - Company administration service methods - SimplyBook.me
I dont know why we get error: Sorry, you have no permissions to perform this action

Payloads below:
Request:
{“jsonrpc”:“2.0”,“id”:2,“method”:“getBookingDetails”,“params”:{“id”:490}}
Response
{“error”:{“code”:-32020,“message”:“Sorry, you have no permissions to perform this action”,“data”:},“id”:“2”,“jsonrpc”:“2.0”}

system · September 27, 2017, 5:32pm

Dmytro Bondarev wrote:

Hi!
Please provide user and company logins.

system · September 27, 2017, 5:33pm

Dmytro Bondarev wrote:

Also please provider API endpoint.

system · September 27, 2017, 5:55pm

Mateusz Przybylek (DIABDIS) wrote:

Endpoint https://user-api.simplybook.me/admin
Company: diabdis
Login: admin

system · September 27, 2017, 5:57pm

Dmytro Bondarev wrote:

Sorry. Now i see the reason.
Please use

{“jsonrpc”:“2.0”,“id”:2,“method”:“getBookingDetails”,“params”:[490]}

instead of

{“jsonrpc”:“2.0”,“id”:2,“method”:“getBookingDetails”,“params”:{“id”:490}}

system · September 28, 2017, 6:20am

Mateusz Przybylek (DIABDIS) wrote:

The same.

(Short original content)

system · September 28, 2017, 6:20am

Mateusz Przybylek (DIABDIS) wrote:

Response:

{
    "error": {
        "code": -32020,
        "message": "Sorry, you have no permissions to perform this action",
        "data": []
    },
    "id": "11",
    "jsonrpc": "2.0"
}

system · September 28, 2017, 7:07am

Dmytro Bondarev wrote:

Please provider your code.

system · September 28, 2017, 7:13am

Mateusz Przybylek (DIABDIS) wrote:

Copied from postman

POST /admin HTTP/1.1
Host: user-api.simplybook.me
X-Company-Login: bytes
X-User-Token: ***
Accept: application/json
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: f0f5efb9-46eb-ad5a-95e9-d0e68bdde467

{
	"jsonrpc": "2.0",
	"method": "getBookingDetails",
	"id": 11,
	"params": 
	{
		"id": "98"
	}
}

system · September 28, 2017, 7:14am

Mateusz Przybylek (DIABDIS) wrote:

Sorry my mistake, from production environment.

POST /admin HTTP/1.1
Host: user-api.simplybook.me
X-Company-Login: diabdis
X-User-Token: ***
Accept: application/json
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: c54534ad-ec43-763e-8478-0ec6b0b874a5

{
	"jsonrpc": "2.0",
	"method": "getBookingDetails",
	"id": 11,
	"params": 
	[ 98 ]
}

system · September 28, 2017, 7:32am

Dmytro Bondarev wrote:

Please make sure that you are getting token from admin user or user that have access to this booking.
I do not see other reasons.

system · September 28, 2017, 7:33am

Dmytro Bondarev wrote:

It would be better if you provide code with getting token.

system · September 28, 2017, 7:36am

Mateusz Przybylek (DIABDIS) wrote:

Here you have curl from our testing env.

curl -X POST
http://user-api.simplybook.me/admin
-H ‘accept: application/json’
-H ‘cache-control: no-cache’
-H ‘content-type: application/json’
-H ‘postman-token: 41ab61ff-9b60-2f84-9715-e6f0a8be4c77’
-H ‘x-company-login: bytes’
-H ‘x-user-token: b01db3ca63fa3351314dc8f0ad63f4e6f85bbac62ecdfb5d84245339b55ff0ff’
-d ‘{
“jsonrpc”: “2.0”,
“method”: “getBookingDetails”,
“id”: 11,
“params”:
[98]
}’

system · September 28, 2017, 7:57am

Dmytro Bondarev wrote:

Ok now it should work. And please use user-api.simplybook.it domain as your company on this server.

system · September 28, 2017, 8:43am

Mateusz Przybylek (DIABDIS) wrote:

Resolved.

(Short original content)