Can't get email to send with email invitation api

[KevinDanikowski]

I can't get the email to send, I'm receiving a 403 error with "access to resource forbidden" ({"message":"Access to resource is forbidden","errorCode":1014,"correlationId":"226c6f21-6cc1-4f2d-9ef8-9abfa5095bf9"}). Any thoughts on how to solve this?

Reference instructions: https://support.trustpilot.com/hc/en-us/community/posts/9981504640146-API-for-Invitations-Walkthrough Reference Documentation: https://developers.trustpilot.com/invitation-api#create-invitation(s)

Someone experiencing the same: https://support.trustpilot.com/hc/nl/community/posts/10058072717074-Access-to-resource-is-forbidden-errorCode-1014-when-send-Customer-service-review (but theres is periodic, mine is every time)

Invitation History is blank / empty: https://businessapp.b2b.trustpilot.com/invitations/invitation-history

Code:

const { TrustpilotApi } = require('trustpilot')
const { GrantType } = require('trustpilot/dist/models')

const trustpilotLocals = {
  en: 'en-US',
  da: 'da-DK',
  de: 'de-DE',
  nl: 'nl-NL',
  es: 'es-ES',
  sv: 'sv-SE',
  pt: 'pt-BR',
  fr: 'fr-FR',
  nb: 'nb-NO',
  ru: 'ru-RU',
  fi: 'fi-FI',
  pl: 'pl-PL',
  ja: 'ja-JP',
  it: 'it-IT',
  'zh-cn': 'zh-CN',
}

const sendTrustPilotReviewEmail = async ({ language, userId, email, name }) => {
  // this works for our invitation link api and other apis, just not email invitation
  const client = await new TrustpilotApi({
    key: trustPilotApiKey,
    secret: trustPilotSecret,
    grantType: GrantType.client_credentials,
    baseUrl: 'https://invitations-api.trustpilot.com',
  }).authenticate()

  // I tried sending only `consumerEmail: email` which is the minimum you need, and still same error code
  const payload = {
    replyTo: 'support@mywebsite.com', // registered with trust pilot
    locale: trustpilotLocals[language] ?? trustpilotLocals.en,
    senderName: 'Trust Pilot',
    senderEmail: 'noreply.invitations@trustpilotmail.com',
    // locationId: 'ABC123',
    referenceNumber: userId,
    consumerName: name,
    consumerEmail: email,
    type: 'email',
    serviceReviewInvitation: {
      // templateId: '529c0abfefb96008b894ad02',
      preferredSendTime: '2023-04-08T12:00:00',
      redirectUri: `https://www.trustpilot.com`,
      tags: [],
    },
    // productReviewInvitation: {
    //   templateId: '507f191e810c19729de860ea',
    //   preferredSendTime: '09/07/2013 13:37:00',
    //   redirectUri: 'http://trustpilot.com',
    //   products: [
    //     {
    //       sku: 'ABC-1234',
    //       name: 'Metal Toy Car',
    //       mpn: '7TX1641',
    //       brand: 'ACME',
    //       imageUrl: 'http://www.mycompanystore.com/products/images/12345.jpg',
    //       productUrl: 'http://www.mycompanystore.com/products/12345.htm',
    //       gtin: '01234567890',
    //       productCategoryGoogleId: '1267',
    //     },
    //   ],
    //   productSkus: ['sku1', 'sku2'],
    // },
  }

  try {
    const res = await client.post(`/v1/private/business-units/${BUSINESS_UNIT_ID}/email-invitations`, {
      body: payload,
      headers: {
        'x-business-user-id': BUSINESS_UNIT_ID,
        'Content-Type': 'application/json',
      },
    })
    console.log(res)
  } catch (e) {
    // fails every time
    console.log('error', e?.response?.body)
  }
}

PS: I do have a working invitation link API, so I know I have the code working for that.

[KevinDanikowski]

I hackily "solved" it, I switched to /invitations instead of /email-invitations and changed consumerName and consumerEmail to recipientName and recipientEmail. I also unnested all the values in serviceReviewInvitation. This is not recommended because I'm pretty sure this is a deprecated endpoint since there is 0 documentation on it and the reference to this was found on 5+ year old stack overflow posts..

Why it's not a true solution: This api counts toward your total invitations and is not unlimited with the API as they verbalized to me during the sales. As a result, this is NOT a 1 for 1 solution for getting /email-invitations to work assuming it doesn't count against your total sends.

Side Note / Rant: Honestly I've been very disappointed with the trust pilot API setup process, the documentation is flat our wrong in some cases, this repo looked like it wasn't actually reviewed before being pushed and isn't given the TLC it should be provided (for example, they didn't delete some stage environment api keys from this repo). The documentation in their blogs gives like no info, just an overview that I'm half sure was written by a person who doesn't actually use the endpoints since in some cases I've found it to not work.

Items lacking from the actual api documentation:

• sufficient instructions of a recommended set up
• clear deliberation on what values are optional
• sufficient details on how values should be provided (i.e. dates, "arrays" in query strings - I had to figure out it's a comma format)
• sufficient details of when to use each endpoint (as some have some significant overlap, the business workings of the endpoints - invited links for example aren't actually considered "verified", they're considered "invited", but none of this info in this and other similar situations is mentioned anywhere)
• resources (i.e. this repo isn't even mentioned in their api documentation)
• rate limit info, I learned the hard way they have a pretty small rate limit (which isn't very clear and doesn't work exactly like the rate limit response mentions {"fault":{"faultstring":"Spike arrest violation. Allowed rate : MessageRate{messagesPerPeriod=120, periodInMicroseconds=840000000, maxBurstMessageCount=1.0}","detail":{"errorcode":"policies.ratelimit.SpikeArrestViolation"}}}).

Overall, just extremely let down with the API documentation which has costed me about 6-10 hours if not more of having to figure things out of my own which should be native in their documentation for access that costs hundreds of dollars per month.

[madsgodvinjensen]

Hey Kevin,

I’m sorry you’ve had such a poor experience with our API and npm package.

About the API documentation we will revisit this and make sure things are put in order. I'm very sorry you've had to look for workarounds like this.

In this particular case, the issue is passing a business unit id in the business user field.

headers: {
  'x-business-user-id': BUSINESS_UNIT_ID,

The above results in an authentication error. We return an HTTP 403 which should perhaps have been an HTTP 401 - I suspect that's where the confusion comes from.

The npm package that is published from this repository has been neglected for a while. We have decided to archive the repo and deprecate the package on npm - this has been an standing debate for a while. There are several other OAuth libraries out there and it makes little sense for us to maintain this one.