-
create an API key
-
set the scope to manage groups and enter the ID of the group (e.g. 10 for trust_level_0)
-
Try to call the API
curl -H "Api-Key: ***" https://test.example.com/groups/trust_level_0/members.json
→ 403 {"errors":["You are not permitted to view the requested resource. The API username or key is invalid."],"error_type":"invalid_access"}
Try the ID
curl -H "Api-Key: ***" https://test.example.com/groups/10/members.json
→ 403 {"errors":["You are not permitted to view the requested resource. The API username or key is invalid."],"error_type":"invalid_access"}
The reason is that the scope restricts the call to a parameter id
But for this specific call the parameter is called name. So it will never work.
Hacking the database and changing the scope to {"name": ["trust_level_0"]} makes this call work (it will break all the others though).