Solved: Re: Integration at Partner level

jdubicki · ‎02-15-2023

I've created an Integration under my Partner Full Admin account with the expectation that it would have the same level of access as the Partner admin account itself, given that I assign the appropriate Scope(s). However, I'm finding that not to be the case in either my development environment, or if I use the Integration token on the Developer site in place of my personal one.

For example, as a Partner admin, I can GET /organizations and will be returned a lengthy list of all of the Orgs under our Partner account. Running the same query as the Integration returns only the partner org itself. I tried with spark:organizations_read and also with spark:all just as a test.

My end goal was to create an Integration with the ability to view/delete users across all Orgs under our Partner account, but maybe that's not possible? Any help would be appreciated.

sandiban · ‎02-15-2023

Hi @jdubicki,
Actually it's not a correct concept that when I create an Integration under a Full Admin and create an Access Token using that Integration, that Token will automatically have all Scopes added whatever the Scopes that Full Admin has.
Once you create an Integration, you must need to add all the specific Scopes from the List in the Integration settings even though it's under a Full Admin account.

But the difference/benefit when Integration created under a Full Admin Account is, there are certain Scopes like meeting: admin_XXX_XXX which are not available for the Integrations created under normal User profile, but available/reserved for Full Admin Users. (normal Users can also add these scopes to their integration without any error, but thing is those will not reflect in the generated Access Token)

So, as discussed - you need to manually add all the scope/s under the Integration which is/are required for a Full Admin to perform their task specifically.
I think you can add the Scope spark-admin:organizations_read and let us know how it goes!

Regards,
Sandip

Please Note: If you think the solution provided above was helpful and satisfactory, please accept it as a Solution! However if you want to discuss it further and get yourself unblocked, please don't hesitate to reply back in this thread and we'll try to answer those queries by the soonest. In that case, once all of your queries are cleared - finally you can mark it as "Accepted as Solution"

View solution in original post

sandiban · ‎02-15-2023

Hi @jdubicki,
Actually it's not a correct concept that when I create an Integration under a Full Admin and create an Access Token using that Integration, that Token will automatically have all Scopes added whatever the Scopes that Full Admin has.
Once you create an Integration, you must need to add all the specific Scopes from the List in the Integration settings even though it's under a Full Admin account.

But the difference/benefit when Integration created under a Full Admin Account is, there are certain Scopes like meeting: admin_XXX_XXX which are not available for the Integrations created under normal User profile, but available/reserved for Full Admin Users. (normal Users can also add these scopes to their integration without any error, but thing is those will not reflect in the generated Access Token)

So, as discussed - you need to manually add all the scope/s under the Integration which is/are required for a Full Admin to perform their task specifically.
I think you can add the Scope spark-admin:organizations_read and let us know how it goes!

Regards,
Sandip

Please Note: If you think the solution provided above was helpful and satisfactory, please accept it as a Solution! However if you want to discuss it further and get yourself unblocked, please don't hesitate to reply back in this thread and we'll try to answer those queries by the soonest. In that case, once all of your queries are cleared - finally you can mark it as "Accepted as Solution"

jdubicki · ‎02-16-2023

Thanks for replying. I didn't realize I was doing spark:organizations_read instead of spark-admin:organizations_read until you mentioned it. That was the issue. Thanks so much!