Management api token not working

Get Help
,
1

i’m gettting token following the official page: Get Management API Access Tokens for Production

   let obtainToken = {
        method: "POST",
        url: `https://${CLIENT_DOMAIN}/oauth/token`,
        headers: { "content-type": "application/x-www-form-urlencoded" },
        data: new URLSearchParams({
            grant_type: "client_credentials",
            client_id: CLIENT_ID,
            client_secret: CLIENT_SECRET,
            audience: `https://${CLIENT_DOMAIN}/api/v2/`,
        }),
    };

but this token is not working with

    let options = {
        method: "POST",
        url: `https://${CLIENT_DOMAIN}/api/v2/users/${userId}/roles`,
        headers: {
            "content-type": "application/json",
            authorization: `Bearer ${token}`,
            "cache-control": "no-cache",
        },
        data: { roles: [DEFAULT_ROLE_ID] },
    };

but the token from the dashboard works. not sure why.
machine-machine is set and enabled. only thing don’t understand is that token obtained from api not working but only the token in dashboard works.

3

Hey there @andyql welcome to the community!

Does the M2M application in your dashboard have the required permissions enabled? These are read:users read:roles read:role_members. You can set these by navigating to the M2M application → APIs → Management API:

Screenshot 2023-05-18 at 4.36.11 PM
Screenshot 2023-05-18 at 4.36.11 PM1572×1190 91.4 KB

Keep us posted!

4

hey @ty.frith thanks for the reply. yes all the permission are ticked at this stage.

5

No problem, happy to help!

Is there a particular error or status code you are getting? Does the token work if you cURL to get it?

  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'audience=https://{yourDomain}/api/v2/'
7

Glad to hear it’s working as expected now!

Hmm I’m unaware of that requirement - Do you mind sharing which specific client_credentials permission(s)? That shouldn’t be required for the /api/v2/users/${userId}/roles as far as I know.