AnsweredAssumed Answered

Manually generated access token has more permission vs access token generated using oauth.

Question asked by Amar D on Jun 7, 2017
Latest reply on Aug 13, 2017 by chofer@morainepark.edu

We are able to make almost all api call successfully when using manually generated token, but for the same account when we implement oauth we are getting  Unauthorised response.

 

Is there any difference between both ? 

 

 

Request: https://myinstitue.instructure.com/api/v1/accounts/43534523453/users
Response: {StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Cache-Control: no-cache
Connection: keep-alive
Date: Wed, 07 Jun 2017 09:11:26 GMT
P3P: CP="None, see http://www.instructure.com/privacy-policy"
Server: Apache
Set-Cookie: _csrf_token=SLrivPuSxX0KQFLm8aB86fGau%2BgEIEjZnel2VXBs3GF5jYbds6PxMVoLA7Cf8g7CwM7igElWZ4rEjV0BHi3zVA%3D%3D; path=/; secure
WWW-Authenticate: Bearer realm="canvas-lms"
Status: 401 Unauthorized
X-Canvas-Meta: q=574;b=1188784;m=1188784;u=0.01;y=0.00;d=0.00;
X-Content-Type-Options: nosniff
X-Rate-Limit-Remaining: 700.0
X-Request-Context-Id: 994b47ff-143e-40f6-a7cc-e79e134c027b
X-Request-Cost: 0.013737987999990906
X-Request-Processor: 05cb497f40689f5f9
X-Runtime: 0.039566
X-UA-Compatible: IE=Edge,chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 48
Content-Type: application/json; charset=utf-8
}}

Outcomes