Error 403 Get Number of On-Queue Agents using Genesys Cloud SDK

asikarwar · July 20, 2021, 9:06pm

Hi,

I was following this example using python but getting Error 403, however when I request using developer tools I do see successful query results.

I was given my client id and client secret, do I lack a specific role/grant, can you please guide as to what exact role i would require to make an api call?

Python3 Get Number of On-Queue Agents using Genesys Cloud SDK -

Enter queue name: TEST_Q
Error on RoutingAPI -> (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json', 'Content-Length': '106', 'Connection': 'keep-alive', 'Date': 'Tue, 20 Jul 2021 20:46:35 GMT', 'ININ-Correlation-Id': '2769afba-9ea3-4172-9535-d262407e67a6', 'Strict-Transport-Security': 'max-age=600; includeSubDomains', 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'X-Cache': 'Error from cloudfront', 'Via': '1.1 a39967d555ca3537d530d380e47d5378.cloudfront.net (CloudFront)', 'X-Amz-Cf-Pop': 'BOM51-C1', 'X-Amz-Cf-Id': 'RghbmcmK9R70tiPrg6qgHAWfEP1QAyNVP5Nt2JK-uyf4pTWGlOAfLw=='})
HTTP response body: {"message":"You are not authorized to perform the requested action.","code":"not.authorized","status":403}

Error on RoutingAPI -> {"message":"invalid dimension value","code":"bad.request","status":400,"messageParams":{},"contextId":"d3b5a100-04cb-4133-9984-9ac168605cb4","details":[],"errors":[]}
Number of agents in "TEST_Q": 0

Thanks
Ashish

tim.smith · July 20, 2021, 9:17pm

There's nothing I can say about this one other than it might have to do with scopes. If you need assistance troubleshooting this error, please open a case with Genesys Cloud Care to investigate; the error message itself and the logging for the correlation ID are insufficient to determine why the permission check failed.

I believe this error is saying that you're sending a "dimension":"value" in the request somewhere and that the literal string value is not a valid dimension.

asikarwar · July 21, 2021, 12:09pm

Sure, yes I can admin to log a case.

Also one more thing I was using us_east_1 for PureCloudRegionHosts[], this should not be an issue!

I was able to get authorization_permissions using the client id and secret, will this help you?

authApi = PureCloudPlatformClientV2.AuthorizationApi(apiclient)
print(authApi.get_authorization_permissions())

{'entities': [{'domain': 'analytics',
'id': None,
'name': None,
'permission_map': {'botAggregate': [{'action': 'view',
'allows_conditions': True,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'botAggregate',
'label': 'Query for bot aggregates'}],
'botFlowReportingTurn': [{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'botFlowReportingTurn',
'label': 'Read bot flow reporting turn data'}],
'conversationAggregate': [{'action': 'view',
'allows_conditions': True,
'division_aware': True,
'domain': 'analytics',
'entity_type': 'conversationAggregate',
'label': 'Query for conversation aggregates'}],
'conversationDetail': [{'action': 'view',
'allows_conditions': True,
'division_aware': True,
'domain': 'analytics',
'entity_type': 'conversationDetail',
'label': 'Query for conversation details'}],
'conversationProperties': [{'action': 'index',
'allows_conditions': False,
'division_aware': True,
'domain': 'analytics',
'entity_type': 'conversationProperties',
'label': 'Index conversation properties'}],
'dashboardConfigurations': [{'action': 'edit',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dashboardConfigurations',
'label': 'Query for dashboard configurations'},
{'action': 'publish',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dashboardConfigurations',
'label': 'Make dashboard configurations public'},
{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dashboardConfigurations',
'label': 'Query for dashboard configurations'}],
'dataExport': [{'action': 'add',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dataExport',
'label': 'Add data export jobs'},
{'action': 'delete',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dataExport',
'label': 'Delete data export jobs'},
{'action': 'edit',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dataExport',
'label': 'Edit data export jobs'},
{'action': 'publish',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dataExport',
'label': 'Email data exports'},
{'action': 'schedule',
'allows_conditions': False,
'division_aware': False,
'domain': 'analytics',
'entity_type': 'dataExport',
'label': 'Schedule data exports'}]},
'self_uri': '/api/v2/authorization/permissions'},
{'domain': 'acdvideo',
'id': None,
'name': None,
'permission_map': {'session': [{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'acdvideo',
'entity_type': 'session',
'label': 'View ACD video sessions'}]},
'self_uri': '/api/v2/authorization/permissions'},
{'domain': 'acdscreenshare',
'id': None,
'name': None,
'permission_map': {'chat': [{'action': 'escalate',
'allows_conditions': False,
'division_aware': False,
'domain': 'acdscreenshare',
'entity_type': 'chat',
'label': 'Allows agent to escalate a chat to a screenshare'}],
'session': [{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'acdscreenshare',
'entity_type': 'session',
'label': 'Allows viewing ACD screen share session'}],
'voice': [{'action': 'escalate',
'allows_conditions': False,
'division_aware': False,
'domain': 'acdscreenshare',
'entity_type': 'voice',
'label': 'Allows agent to escalate a voice call to a screenshare'}]},
'self_uri': '/api/v2/authorization/permissions'},
{'domain': 'alerting',
'id': None,
'name': None,
'permission_map': {'alert': [{'action': 'add',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'alert',
'label': 'Add an alert configuration'},
{'action': 'delete',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'alert',
'label': 'Delete an alert configuration'},
{'action': 'edit',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'alert',
'label': 'Edit an alert configuration'},
{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'alert',
'label': 'View alert configurations'}],
'rule': [{'action': 'add',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'rule',
'label': 'Add an alert configuration'},
{'action': 'delete',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'rule',
'label': 'Delete an alert configuration'},
{'action': 'edit',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'rule',
'label': 'Edit an alert configuration'},
{'action': 'view',
'allows_conditions': False,
'division_aware': False,
'domain': 'alerting',
'entity_type': 'rule',
'label': 'View alert configurations'}]},
'self_uri': '/api/v2/authorization/permissions'}],
'first_uri': '/api/v2/authorization/permissions?pageSize=25&pageNumber=1',
'last_uri': '/api/v2/authorization/permissions?pageSize=25&pageNumber=32',
'next_uri': '/api/v2/authorization/permissions?pageSize=25&pageNumber=2',
'page_count': 32,
'page_number': 1,
'page_size': 25,
'previous_uri': None,
'self_uri': '/api/v2/authorization/permissions?pageSize=25&pageNumber=1',
'total': 787}

Process finished with exit code 0

Jerome.Saint-Marc · July 21, 2021, 1:24pm

Hello,

The Get Number of On-Queue Agents tutorial makes use of two Platform API requests.

Get list of queues - GET /api/v2/routing/queues
Requires permission: routing:queue:view

Query for queue observations - POST /api/v2/analytics/queues/observations/query
Requires permission: analytics:queueObservation:view

The necessary permissions are listed on each API endpoint (the links above).

You are probably missing the routing:queue:view permission
Ask your admin to verify that the OAuth client you are using has the 2 permissions: routing:queue:view and analytics:queueObservation:view

Regards,

asikarwar · July 21, 2021, 1:42pm

Thank you @Jerome.Saint-Marc

And what required permission would I need for: /api/v2/analytics/flows/observations/query

Thanks again
Ashish

Jerome.Saint-Marc · July 21, 2021, 1:47pm

analytics:flowObservation:view

As I mentioned above you can find these required permissions in the API description of the endpoint.

Like for flow observations query:
POST /api/v2/analytics/flows/observations/query

Regards,

asikarwar · July 21, 2021, 1:48pm

Oh yes there is a section, thank you once again!

system · August 21, 2021, 1:48pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.