ozwillo / ozwillo-doc

Ozwillo platform documentation

Is instance_id really required for message retrieval? #9

Closed vdachev closed 9 years ago

vdachev commented 9 years ago

According to http://doc.ozwillo.com/#s5-api-notifications "instance_id must be the one for which you obtained the access_token". Why is it required? If the kernel can validate it, it can retrieve it by itself, can't it?

tbroyer commented 9 years ago

The doc is misleading, it's more the other way around: the access token must be one that has been retrieved for that instance_id.

We're aiming for ReSTful APIs. If you want messages for a specific user and instance, you ask for that. The access token is about validating whether you are authorized to access that information.

vdachev commented 9 years ago

Problem is, I keep getting a "403 Forbidden" response when trying to retrieve: https://kernel.ozwillo.com/n/aa4ee84d-4e9c-45c0-b2b3-3169505276e2/messages

tbroyer commented 9 years ago

That's the expected behavior. You should be retrieving https://kernel.ozwillo.com/n/aa4ee84d-4e9c-45c0-b2b3-3169505276e2/messages?instance_id=0d2db362-0772-4e95-bf43-9dd9c027554c

vdachev commented 9 years ago

That was my point exactly - is the instance_id really required? I want to show the user all their messages...

tbroyer commented 9 years ago

The resource identified by the URL you're using is the list of all messages, and is only available to the portal, to avoid disclosing private information (or metadata). You're looking for "all messages for instance X", so you have to use that resource, whose URL is the one I gave. Different semantics, different resources, different URLs.

vdachev commented 9 years ago

Great, it worked! Thanks.
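
The access rule discussed in this thread, modelled as an added example that is not Ozwillo's kernel code: the unfiltered message list is portal-only, and the `instance_id`-filtered list requires a token issued for that same instance. The `AccessToken` fields, the `is_portal` flag, the reading of the path segment as a user id, and the 400/404 responses are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs


@dataclass(frozen=True)
class AccessToken:
    # Hypothetical token model (assumption, not the kernel's data structure).
    user_id: str             # user the token acts on behalf of
    instance_id: str         # instance the token was obtained for
    is_portal: bool = False  # assumed marker for the portal client


def status_for(token: AccessToken, url: str) -> int:
    """HTTP status a resource server following the thread's rule would return."""
    parts = urlsplit(url)
    segments = parts.path.strip("/").split("/")
    # Expected shape: /n/{user_id}/messages
    if len(segments) != 3 or segments[0] != "n" or segments[2] != "messages":
        return 404
    requested_user = segments[1]
    instance_ids = parse_qs(parts.query).get("instance_id", [])
    if len(instance_ids) > 1:
        return 400  # a repeated parameter makes the requested resource ambiguous
    if token.user_id != requested_user:
        return 403  # token does not act for the user named in the URL
    if not instance_ids:
        # "List of all messages": crosses instance boundaries, portal only.
        return 200 if token.is_portal else 403
    # "All messages for instance X": the token must have been issued for X.
    return 200 if token.instance_id == instance_ids[0] else 403


# URLs and identifiers quoted in the thread; the tokens are constructed samples.
BASE = "https://kernel.ozwillo.com/n/aa4ee84d-4e9c-45c0-b2b3-3169505276e2/messages"
USER = "aa4ee84d-4e9c-45c0-b2b3-3169505276e2"
INSTANCE = "0d2db362-0772-4e95-bf43-9dd9c027554c"
APP_TOKEN = AccessToken(user_id=USER, instance_id=INSTANCE)
PORTAL_TOKEN = AccessToken(user_id=USER, instance_id="portal", is_portal=True)

if __name__ == "__main__":
    print(status_for(APP_TOKEN, BASE))
    print(status_for(APP_TOKEN, BASE + "?instance_id=" + INSTANCE))
```

Binding the query parameter to the token, instead of inferring the instance from the token alone, keeps the two resources distinct and lets the server reject a token that is valid but was issued for a different instance.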