It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

HipChat V2 API tokens lacking scope Edited

Room API tokens complain:

"This action requires one of the following scopes: [u'view_messages']"

Which you have removed the option to allow as a scope for room API tokens.

User API tokens complain:

"Only requests matching one of these authenticated principals are allowed to access this resource: a room add-on or token, a global add-on"

Please advise?

1 answer

1 accepted

0 votes
Answer accepted

Hey there Damion, what is the API command/functionality that you are trying to use? From there we should be able to find out more :) 

For sure, find attached a HTTP conversation - I've deleted those API tokens

 

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1
Content-Type: application/json
User-Agent: FoxHTTP v1.3
Authorization: Bearer CWHunIaKjev2a6S9RnQPuWpZKZPKBZNieq2k23Bd
Cache-Control: no-cache
Pragma: no-cache
Host: api.hipchat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 94

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}
 HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date, ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Backoff
Content-Type: application/json
Date: Tue, 21 Aug 2018 00:33:49 GMT
Server: nginx
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 96
X-Ratelimit-Reset: 1534811652
Content-Length: 148
Connection: keep-alive

{
"error": {
"code": 403,
"message": "This action requires one of the following scopes: [u'view_messages']",
"type": "Forbidden"
}
}

 

And here's a conversation using a account-specific API token with all permissions, this token has also been deleted.

 

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1
Content-Type: application/json
User-Agent: FoxHTTP v1.3
Authorization: Bearer MOSPD4kkDPcITUyaDzD1WcDfet29pAUXQRDIwdhW
Cache-Control: no-cache
Pragma: no-cache
Host: api.hipchat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 94

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date, ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Backoff
Content-Type: application/json
Date: Tue, 21 Aug 2018 00:40:43 GMT
Server: nginx
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 100
X-Ratelimit-Reset: 1534812344
Content-Length: 217
Connection: keep-alive

{
"error": {
"code": 403,
"message": "Only requests matching one of these authenticated principals are allowed to access this resource: a room add-on or token, a global add-on",
"type": "Forbidden"
}

Heya Damion, sorry, I'm still not quite sure which API command/functionality you are trying to use. From the look of the request, it seems that you are trying to send a message into a room, is that the case? 

It'd be great if you could let us know which one of the API from this HC API Guide that you are trying to use, as that'd help us understand the situation better.

I'm trying to register a webhook for a room, described in the ROOMS API here:

https://www.hipchat.com/docs/apiv2/method/create_room_webhook

 

Required fields RoomID, Key, URL, and Event can be seen in the request here::

PUT /v2/room/Trivia/extension/webhook/Why403 HTTP/1.1

 And here:

{"url":"https://hiptrivia.glintech.com/webhook","event":"room_message","authentication":"jwt"}

Hi Damion, so sorry for the late reply! I was sure I had already replied, but I think there was an issue with the answer submission. I'm sorry to say, but as this is a Webhook request, and without a site of my own to test it, I was unable to test it and find out the root cause of the problems that you are facing.

 

For this, I'd suggest checking out our Developers Community or go straight for our Developer Service Desk. They should be able to help you out more/better in this regard.

@Theinvisibleman Appreciate your help. This one has certainly been tough.

Thanks for the link to the ecosystem though, I'll go open a ticket there.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Hipchat

Hipchat Cloud and Stride have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

35,207 views 9 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you