Just noticed this issue today.
Generating an api key for all users with global scopes, then updating a topic will result in an invalid_access
curl --location --request PUT 'https://example.com/t/-/365.json' \
--header 'Api-User: system' \
--header 'Api-Key: ***' \
--header 'Content-Type: application/json' \
--data-raw '{
"tags": ["awesome-tag"]
}'
{
"errors": [
"You are not permitted to view the requested resource. The API username or key is invalid."
],
"error_type": "invalid_access"
}
However if you generate a global api key for the user system
, it works: Same request , different key.
curl --location --request PUT 'https://example.com/t/-/365.json' \
--header 'Api-User: system' \
--header 'Api-Key: DIFFERENT_KEY' \
--header 'Content-Type: application/json' \
--data-raw '{
"tags": ["awesome-tag"]
}'
{
"basic_topic": {
"id": 365,
"title": "Test topic",
"fancy_title": "Test topic",
"slug": "test-topic",
"posts_count": 6
}
}