Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

HipChat V2 API tokens lacking scope

Damion Brown
Damion Brown August 20, 2018

Room API tokens complain:

"This action requires one of the following scopes: [u'view_messages']"

Which you have removed the option to allow as a scope for room API tokens.

User API tokens complain:

"Only requests matching one of these authenticated principals are allowed to access this resource: a room add-on or token, a global add-on"

Please advise?

Answer
Watch
Like Be the first to like this
589 views

1 answer

1 accepted

0 votes
Answer accepted
Theinvisibleman
Theinvisibleman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 20, 2018

Hey there Damion, what is the API command/functionality that you are trying to use? From there we should be able to find out more :) 

View More Comments
Damion Brown
Damion Brown August 20, 2018

For sure, find attached a HTTP conversation - I've deleted those API tokens

 

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1
Content-Type: application/json
User-Agent: FoxHTTP v1.3
Authorization: Bearer CWHunIaKjev2a6S9RnQPuWpZKZPKBZNieq2k23Bd
Cache-Control: no-cache
Pragma: no-cache
Host: api.hipchat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 94

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}
 HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date, ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Backoff
Content-Type: application/json
Date: Tue, 21 Aug 2018 00:33:49 GMT
Server: nginx
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 96
X-Ratelimit-Reset: 1534811652
Content-Length: 148
Connection: keep-alive

{
 "error": {
 "code": 403,
 "message": "This action requires one of the following scopes: [u'view_messages']",
 "type": "Forbidden"
 }
}

 

Like
Damion Brown
Damion Brown August 20, 2018

And here's a conversation using a account-specific API token with all permissions, this token has also been deleted.

 

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1
Content-Type: application/json
User-Agent: FoxHTTP v1.3
Authorization: Bearer MOSPD4kkDPcITUyaDzD1WcDfet29pAUXQRDIwdhW
Cache-Control: no-cache
Pragma: no-cache
Host: api.hipchat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 94

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date, ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Backoff
Content-Type: application/json
Date: Tue, 21 Aug 2018 00:40:43 GMT
Server: nginx
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 100
X-Ratelimit-Reset: 1534812344
Content-Length: 217
Connection: keep-alive

{
 "error": {
 "code": 403,
 "message": "Only requests matching one of these authenticated principals are allowed to access this resource: a room add-on or token, a global add-on",
 "type": "Forbidden"
 }
Like
Theinvisibleman
Theinvisibleman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 22, 2018

Heya Damion, sorry, I'm still not quite sure which API command/functionality you are trying to use. From the look of the request, it seems that you are trying to send a message into a room, is that the case? 

It'd be great if you could let us know which one of the API from this HC API Guide that you are trying to use, as that'd help us understand the situation better.

Like
Damion Brown
Damion Brown August 22, 2018

I'm trying to register a webhook for a room, described in the ROOMS API here:

https://www.hipchat.com/docs/apiv2/method/create_room_webhook

 

Required fields RoomID, Key, URL, and Event can be seen in the request here::

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1

 And here:

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}
Like
Like
Damion Brown
Damion Brown August 30, 2018

@Theinvisibleman bump 

Like
Damion Brown
Damion Brown September 6, 2018

@Theinvisibleman

w4riF

Like
Theinvisibleman
Theinvisibleman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 7, 2018

Hi Damion, so sorry for the late reply! I was sure I had already replied, but I think there was an issue with the answer submission. I'm sorry to say, but as this is a Webhook request, and without a site of my own to test it, I was unable to test it and find out the root cause of the problems that you are facing.

 

For this, I'd suggest checking out our Developers Community or go straight for our Developer Service Desk. They should be able to help you out more/better in this regard.

Like
Damion Brown
Damion Brown October 1, 2018

@Theinvisibleman Appreciate your help. This one has certainly been tough.

Thanks for the link to the ecosystem though, I'll go open a ticket there.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Hipchat
Hipchat
TAGS
AUG Leaders

Atlassian Community Events

    See all events