bc-traciporter
commented
4 days ago Hello @jaredSiebert I just performed the two requests using the same OAuth Scope. There is no difference. The Authentication details are the same.
Open jaredSiebert opened 6 days ago
bc-traciporter
commented
4 days ago Hello @jaredSiebert I just performed the two requests using the same OAuth Scope. There is no difference. The Authentication details are the same.
jaredSiebert
commented
4 days ago Thanks for getting back to me - I've reviewed the authorization listed for both endpoints and when using read-only settings I can access /customers/{custId}/metafields, but /customers/{custId}/metafields/{metafieldId} returns a 403
You are correct that if I use the OAuth scope of modify for customers, both endpoints work, but it does still seem strange that using read-only I can list all metafields for a customer but not retrieve a metafield by Id
Please outline the OAuth scope requirements for these two endpoints:
Get Customer Metafields List https://developer.bigcommerce.com/docs/rest-management/customers/metafields#get-customer-metafields-list
Get Customer Metafields https://developer.bigcommerce.com/docs/rest-management/customers/metafields#get-customer-metafields
/stores/{store_hash}/v3/customers/{customerId}/metafields/{metafieldId} requires more permission than /stores/{store_hash}/v3/customers/{customerId}/metafields and it's not clear which OAuth permissions are required or why there is even a difference