Re: Finesse REST API - Authentication options

Milos Horky · ‎10-13-2022

Hello Team,
We are using Cisco Finesse API (https://developer.cisco.com/docs/finesse/#reasoncode%e2%80%94get-list) for obtaining list of reason codes. However, it looks like the only way how to fetch the data from this endpoint is by using the admin account for authentication.
Is this the only option how to fetch these data or we can do it also by using an account with lower set of permissions for read-only operations? If not, could you please advise how to obtain list of reason codes not using admin account or do you plan to make any adjustments on the API in near future to allow that?
Thank you

Gerry O'Rourke · ‎10-13-2022

The admin account would give you access to see ALL the reason codes that are configured.

Reference: https://developer.cisco.com/docs/finesse/#reasoncode%e2%80%94get-list

If you want to see only the reason codes that are assigned at the agent level - the agent has access to their own Teams reason codes.

Example: \\

https://ucce-lab-finesse-a.mydomain.com/finesse/api/TeamResource/5000/ReasonCodes?category=ALL&nocache=1665676621185

Reference: https://developer.cisco.com/docs/finesse/#team%e2%80%94get-list-of-reason-codes

Gerry

hundycougar · ‎10-17-2022

Any chance to have a service account that has admin access instead of having to pass the finesse admin around?

dhiarumu · ‎10-18-2022

Hi @hundycougar,

Cisco Finesse has only agent, supervisor and administrator accounts. On UCCX environments, an agent or a supervisor can also have an administrator privilege (you can make an agent as admin and share that agent's credentials if you want - of-course please be aware of the risks involved as well), but same is not possible on PCCE/UCCE environments.

Thanks

Milos Horky · ‎10-19-2022

Hi,
Let me rephrase my first question a bit. Is there any possibility to use admin account (or whatever account) to access ALL reason codes with “READ-ONLY” privileges/permissions in order to prevent potential security threats by using full admin account? We know about Teams reason codes, however it seems a bit overcomplicated to get ALL reason codes using this approach. If not, do you plan to implement something like that anytime soon?
Thank you

Gerry O'Rourke · ‎10-19-2022

To answer your query. No. There is no "read only" admin account.

The only way to get all the reason codes today is to use the admin accout.

My biggest issue with the admin account is

1) An Admin user, using the Finesse Admin GUI can easily lock out the admin account - which could break / impact the Agent Desktop Custom application which uses the admin account - so in my view there should be the ability to create MULTIPLE admin accounts - which you could then be used by different applications.

2) It would be a nice feature to have a read only admin account as you say

3) Even the Finesse admin account does NOT have full access to the API. The Agent / Supervisor has the ability to update Call Variables in a dialog. But the admin account does not. I find this a critical missing capability.

I would discuss with your Cisco account manager if you could request this or other feature requests to see if / when these could be added to the product.

Regards,

Gerry

TalkingScientist · ‎10-19-2022

While talking with the Cisco account manager(s) everyone should bring up that this Finesse admin account, at least in UCCE, is just that. A singular, individual, shared password account...that is hard coded for API use. That is used to add reason codes to new teams (MAC work) AND has the ability to wipe out Desktop Layouts (code), and CTI/AW config settings without any tracking or versioning.

After bringing it up with the account manager you should just sit back, look at them and say "seriously?"