Description
The error code and error message for 403 responses have been changed to maintain parity. This change affects only requests that fail the authorization check.
Current Response:
{
  "message": "Permission is forbidden on domain, 'responses', entity 'response`, with action set '[view]'",
  "code": "forbidden",
  "status": 403,
  "contextId": "00000000-0000-0000-0000-000000000000",
  "details": [],
  "errors": []
}
New Response:
{
  "message": "Unable to perform the requested action. You must have at least one of the following permissions assigned: [responses:response:view]",
  "code": "missing.any.permissions",
  "status": 403,
  "contextId": "00000000-0000-0000-0000-000000000000",
  "details": [],
  "errors": []
}
This change applies to all the APIs listed under Response Management.
Change Category
Informational
API
Change Context
The authorization checks performed in the backend have been moved to the public API. The public API has a standard error response for authorization failures that differs from the current 403 response returned by the backend service.
Change Impact
This change affects only requests that fail with a 403 response. The API will return a different error code and message. It will not change the behavior of any API.
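Client code or log monitoring that matches on the old "forbidden" code or parses the old message will stop recognizing these authorization failures after the change. The following is an added example, not code from this announcement or the API's SDK: a parser that accepts both 403 bodies shown above and normalizes them to the same permission list. The function and constant names are hypothetical, and comma-separated multiple entries are an assumption.

```python
import json
import re

OLD_CODE, NEW_CODE = "forbidden", "missing.any.permissions"  # codes from this page

# Old: "... on domain, 'responses', entity 'response`, with action set '[view]'"
# (the sample closes the entity with a backtick, so accept either quote).
OLD_RE = re.compile(r"domain, '([^']+)', entity '([^'`]+)['`], with action set '\[([^\]]*)\]'")
# New: "... permissions assigned: [responses:response:view]"
NEW_RE = re.compile(r"permissions assigned: \[([^\]]*)\]")


def _items(text):
    # Assumption: multiple entries, if present, are comma-separated.
    return [t.strip() for t in text.split(",") if t.strip()]


def missing_permissions(body):
    """Return sorted domain:entity:action permissions named by a 403 body,
    or None if the body is not an authorization failure in either format."""
    try:
        err = json.loads(body)
    except ValueError:
        return None
    if not isinstance(err, dict) or err.get("status") != 403:
        return None
    message = str(err.get("message", ""))
    if err.get("code") == NEW_CODE:
        m = NEW_RE.search(message)
        perms = _items(m.group(1)) if m else []
    elif err.get("code") == OLD_CODE:
        m = OLD_RE.search(message)
        perms = [f"{m.group(1)}:{m.group(2)}:{a}" for a in _items(m.group(3))] if m else []
    else:
        return None
    return sorted(perms)


def _sample(code, message):
    # Constructed from the two response bodies shown on this page.
    return json.dumps({"message": message, "code": code, "status": 403,
                       "contextId": "00000000-0000-0000-0000-000000000000",
                       "details": [], "errors": []})

OLD_SAMPLE = _sample(OLD_CODE, "Permission is forbidden on domain, 'responses', entity 'response`, with action set '[view]'")
NEW_SAMPLE = _sample(NEW_CODE, "Unable to perform the requested action. You must have at least one of the following permissions assigned: [responses:response:view]")

if __name__ == "__main__":
    for body in (OLD_SAMPLE, NEW_SAMPLE):
        print(missing_permissions(body))
```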
Date of Change
Aug 24, 2022
Impacted APIs
Response APIs:
- GET /api/v2/responsemanagement/responses
- POST /api/v2/responsemanagement/responses
- POST /api/v2/responsemanagement/responses/query
- DELETE /api/v2/responsemanagement/responses/{responseId}
- GET /api/v2/responsemanagement/responses/{responseId}
- PUT /api/v2/responsemanagement/responses/{responseId}
Library APIs:
- GET /api/v2/responsemanagement/libraries
- POST /api/v2/responsemanagement/libraries
- DELETE /api/v2/responsemanagement/libraries/{libraryId}
- GET /api/v2/responsemanagement/libraries/{libraryId}
- PUT /api/v2/responsemanagement/libraries/{libraryId}
References
[RESPONSES-508]