This user: https://posthoghelp.zendesk.com/agent/tickets/14932 had an issue where they weren't able to call one of our Public API endpoints. Turns out, we never enabled the appropriate required_scope for that endpoint, so it kept failing. I don't know of any reason why we shouldn't allow users to hit this endpoint, so I went with the approach of just enabling the experiments:* required_scope, but if we don't support these endpoints, I feel like we should call that out in our docs/not make them available. IMO this was just an oversight on our part when enabling our API token scopes.
In draft mode for now while I confirm that this is the correct approach. I should probably add some tests for this behavior as well, but I'm also not exactly sure where to put tests that encode this type of knowledge (i.e. which scopes should be enabled for which endpoint).
How did you test this code?
Manually tested all of these endpoints locally and they all worked as expected.
Problem
This user: https://posthoghelp.zendesk.com/agent/tickets/14932 had an issue where they weren't able to call one of our Public API endpoints. Turns out, we never enabled the appropriate
required_scopefor that endpoint, so it kept failing. I don't know of any reason why we shouldn't allow users to hit this endpoint, so I went with the approach of just enabling the experiments:*required_scope, but if we don't support these endpoints, I feel like we should call that out in our docs/not make them available. IMO this was just an oversight on our part when enabling our API token scopes.In draft mode for now while I confirm that this is the correct approach. I should probably add some tests for this behavior as well, but I'm also not exactly sure where to put tests that encode this type of knowledge (i.e. which scopes should be enabled for which endpoint).
How did you test this code?
Manually tested all of these endpoints locally and they all worked as expected.