Jump to content


Oauth Client Credentials + @apiclientonly

Go to solution Solved by bfarber,

Recommended Posts

If the method is commented to have @apiclientonly in the docblock, instead of denying only  OAuth Access Token use, it denies any use other than API key. 

This is directly counter the documentation: https://invisioncommunity.com/developers/rest-api?endpoint=core/members/POSTindex

On the surface, the problem seems to be that such methods are not actually available to be granted permissions in the scopes selection form in the ACP for Oauth Client Credentials.

I can't imagine this is intended given the documentation and code. I would appreciate it if this could be looked into, thank you. It is vastly preferred to use the security superior oauth for such work.

Edited by Marcher Technologies
Link to comment
Share on other sites

"errorCode": "2S291\/3",
"errorMessage": "NO_PERMISSION"

To note, Other calls to endpoints actually listed in the scopes tab for oAuth Client config work:


The same for an API Key:


Note the missing endpoints in the former's case. I suspect this to be the root cause.

Edited by Marcher Technologies
Link to comment
Share on other sites


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy