Community Help

BenjaminSelby · ‎02-26-2023

I'm trying to query the '/v1/comm_messages' API end point using an admin-authorised token in Powershell, and I get the message "user not authorised to perform that action". Does anybody know why there would be a problem with this? The token works fine for all other requests.

I've tried using user ids in the URI like so: '/api/v1/comm_messages?user_id=<###>' as well as with no URI parameters, and I get the same message both times.

Would greatly appreciate anyone's help for this.

matthew_buckett · ‎02-27-2023

From looking at the code for that endpoint: https://github.com/instructure/canvas-lms/blob/master/app/controllers/comm_messages_api_controller.r... it looks like you will need the view_notifications permission on an account (https://community.canvaslms.com/t5/Canvas-Resource-Documents/Canvas-Account-Role-Permissions/ta-p/38...), so if you are using an account that doesn't have that permission that's probably why you are seeing the error message.

View solution in original post

matthew_buckett · ‎02-27-2023

Using curl (command line Unix utility) it works fine for me, I can make a request to:

https://institution.instructure.com/api/v1/comm_messages?user_id=self

I get back a list of all the messages to me, but as my account has admin permissions I can also see the comm messages of other users by using their Canvas ID:

https://institution.instructure.com/api/v1/comm_messages?user_id=1

or their SIS ID as outlined in: https://canvas.instructure.com/doc/api/file.object_ids.html

https://institution.instructure.com/api/v1/comm_messages?user_id=sis_user_id:a-user-id

BenjaminSelby · ‎02-27-2023

Thanks for checking. It's not working for me on the Live API page, nor using Powershell or CURL. I presume it's a problem with the Token authorization but I don't know what the issue might be.

matthew_buckett · ‎02-27-2023

From looking at the code for that endpoint: https://github.com/instructure/canvas-lms/blob/master/app/controllers/comm_messages_api_controller.r... it looks like you will need the view_notifications permission on an account (https://community.canvaslms.com/t5/Canvas-Resource-Documents/Canvas-Account-Role-Permissions/ta-p/38...), so if you are using an account that doesn't have that permission that's probably why you are seeing the error message.

BenjaminSelby · ‎02-28-2023

Matthew, you're an absolute legend. That fixed it. I didn't even check permissions for my account because I'm an Admin and had never had any issues accessing any other part of Canvas before. Turns out that 'Notifications - View' was the only permission which was disabled for the Admin account (not sure how that happened...)

Thanks very much.

Nva2023 · ‎06-01-2023

Hey there.

I think I have the same problem.

Where is this part on Canvas? - Turns out that 'Notifications - View' was the only permission which was disabled for the Admin account

Thanks!

Nva2023 · ‎06-02-2023

@James Do you happen to know anything about this?

I'm trying to query the '/v1/comm_messages' API end point using an admin-authorized token and I get the message "user not authorized to perform that action".

I've tried using user ids in the URI like so: '/api/v1/comm_messages?user_id=<###>'

James · ‎06-03-2023

@Nva2023

When you look at the documentation, it says "Returns the paginated list of conversations for the current user, most recent ones first." This means that you are getting the list of communications for the person with the token.

To get the list for someone else, you would need to masquerade as that user. This is done with as_user_id and not user_id. See the Masquerading page in the API documentation for more information.

Nva2023 · ‎06-03-2023

yes, this one works to get their to-do list:

var url = "https://oururl.instructure.com/api/v1/users/self/activity_stream?as_user_id=sis_user_id:1234";

I need to generate a report of the user inbox (unread/no reply) messages, I tried this:

var url = "https://oururl.instructure.com/api/v1/comm_messages?as_user_id=1234";

var url = "https://oururl.instructure.com/api/v1/comm_messages?user_id=1234";

var url = "https://oururl.instructure.com/api/v1/comm_messages?user_id=sis_user_id:1234";

also with https://oururl.instructure.com/api/v1/comm_messages?as_user_id=sis_user_id:1234

No luck with the above urls, not sure why? Are they incorrect?

Just found this one and it works to read inbox!

var url = "https://oururl.instructure.com/api/v1/conversations?as_user_id=sis_user_id:1234

Thank you, @James

James · ‎06-03-2023

@Nva2023

Sorry, I misread the your message. We're on vacation this weekend and I was trying to answer it quickly before we left for the day. I was looking at conversations instead of comm_messages. The as_user_id is not needed for the comm_messages endpoint, but you do need a token that has the required permissions.

I just tried the GET and it worked for me with both my token and another admin token. It worked for user_id=canvas_user_id and user_id=sis_user_id:sis_id

Both of those tokens are for site admins, which is one of the things that it checks for in the source code.

Then I tried it with someone else's account and it worked.

Then I tried it with someone who had no communication messages and it worked (returning an empty array).

Since it works as a site admin, that suggests a couple of possibilities.

You are using a token without the proper permissions.
You are using an ID that does not belong to your instance.

The first one might happen if you have an admin, but not site admin, token. This could happen if you are a sub-account admin. If you're not a site admin, you need a site domain setting to allow admins to view notifications and then the domain root admin grants rights to view notifications. Here are the appropriate lines of the source code to look at for the full check.

You may also be able to list admins GET /api/v1/accounts/self/admins and see if your user is listed there. If you cannot get a list of admins, you are likely not using a site-admin account.

The second one is probably not the cause since you are able to get it to work with other situations. There's always a possibility that you transposed a couple of digits, so I mention it.

A third possibility is related to the first. If you are using a sub-account admin token, then you may not have permissions to the users who belong to the site account.

BenjaminSelby · ‎06-04-2023

Hi NVA. It's here:

CommMessages API call with Admin token - "user not authorised to perform that action"

Web Fonts being part of a custom theme?

Custom css json Dashboard

Item limit on "Add to Module" dialog box and solut...

How to enable Upload/Recording Media option to tak...

outh2 flow token generation

Web Fonts being part of a custom theme?

Custom css json Dashboard

Setting Assignment unlock date for a specific Sect...

Current graded by

If I have a Course ID, Quiz ID and a Question ID c...

You're signed out

CommMessages API call with Admin token - "user not authorised to perform that action"

Community Help

View our top guides and resources: