Ledger API permissions and scopes

Hello,

I am trying to use the API to set Ledger values for one of my device-scoped Cloud to Device Ledgers. However despite giving my API user what I think are even more permissions than needed, it is still not working.

When I try to just get the list of ledgers, if I use /users/ledgers it will return {'ok': False, 'error': 'Not Found'} even though there are two Ledgers. If I try with /orgs/MY_ORG_ID/ledgers' I get an error of {'error': 'invalid_scope', 'error_description': 'Permission denied', 'code': 400}` even though the scope is clearly there from the screenshot.

Can anyone please suggest what I might be missing?

Thank you.

Just to be sure, that's an organization API user, not a product API user, correct? You need to be at the top level of an organization and use that Team icon and make sure Organization is selected. The list ledgers requires organization ledger.definitions:list scope. Product API users cannot access org endpoints.

I'm pretty sure the user ledger cannot be retrieved using an API user. The reason is that an API user can only be scoped to a product or organization. The user endpoints can only be authenticated using a real user token.

Thank you @rickkas7 that was indeed the problem. I had created a product API user. Once I made another org API user it is working. It would perhaps be helpful in the product API Users table to also have the Workspace column which says what the API user is for. Or some other way to denote them because it did seem confusing that "Teams" is the same term but there are actually different Product and API "team members" esp for APIs.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.