Path error when trying to create (assign) permissions to a user via the management api

Hi - I’m getting the following 400 error when attempting to assign permissions to a recently created user:

{
“statusCode”: 400,
“error”: “Bad Request”,
“message”: “Path validation error: ‘Object didn’t pass validation for format user-id-with-max-length: 60911603a5c3a9450ae5aea6’ on property id (ID of the user to assign permissions to).”,
“errorCode”: “invalid_uri”
}

The uri I am using is:

https://<my-tenant-domain/api/v2/users/60911603a5c3a9450ae5aea6/permissions

And the body of the POST is: {“permissions”:[“read:company_profile”]}

What’s going wrong here? I can’t see any documented limit on the user_id length. It’s easily confused with the username attribute, but that can’t be the issue - I am not using username, and the error is complaining about the URI path which contains the user_id, not the username

Thanks in advance

Hi @spopida,

Welcome to the Community!

The user ID will follow the following pattern <connection name>|<user id in connection>

For example, a Google social connection user would look like this: google-oauth2|115088824167938831773

The pipe (|) will need to be URL encoded: %7C

The endpoint would be: https://YOUR_DOMAIN/api/v2/users/google-oauth2%7C115088824167938831773/permissions

Also, the body of the request should contain an array of objects like this:

{
  "permissions": [{
    "resource_server_identifier": "https://you-api-identifier/",
    "permission_name": "read:company_profile"
  }]
}
1 Like

Hi Stephanie - thanks so much for the prompt reply; really helpful. I got most of the way there after posting the question, but I don’t know how long it would have taken me to figure out the URL encoding. Out of interest, is this documented anywhere? I’m sure it must be, but I couldn’t see it in the API docs for this endpoint (e.g. it just says there needs to be an array of “object”). Anyway, thanks again.

1 Like

You’re welcome! Glad to hear it is helpful info.

There are a couple of places in the docs where the user ID format is documented (example), but I’m not sure if there is documentation for URL-encoding the user ID when calling the Management API.

Regarding the array of objects, I found the schema by calling the GET/api/v2/users/{id}/permissions endpoint to see what the array of objects should look like. I agree that it could be helpful to include the schema of the objects in the docs directly. I will pass on that feedback. Thank you!

1 Like

OK - well, many thanks again for the info - great support.

1 Like