Sv: "You don't have permission to access this reso...

andretvard · ‎30-08-2022

Hi

We noticed that many of our customers started to get "You don't have permission to access this resource" error when accessing API. It seems that GET requests work but not POST/PUT.

Please advise on how to handle this problem.

Here is the response we get from API:

<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

Florian Haase · ‎31-08-2022

Same problem here:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> </body></html> Faktura 203797 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> </body></html>

We try to add attachment to incoming invoices. That critical for us because we use that for reverse invoicing.

Magnus Johnsen · ‎31-08-2022

Could you please send us the companyID?

Florian Haase · ‎31-08-2022

080902

Magnus Johnsen · ‎31-08-2022

This does not look like a companyID, could you please doublecheck?

Florian Haase · ‎31-08-2022

Sorry that paste went wrong. Its

erik-kle · ‎31-08-2022

A customer reports that lineDescription and uom is not posted on SalesOrderV2. So this old bug from this summer is probably back.

IPP-REQUEST-ID: 0fa328f1-6b77-4c9a-a0f4-f51c3a73b4af

andretvard · ‎31-08-2022

Hi

POST controller/api/v1/customerinvoice/{invoiceNumber}/attachment still does not work.

RESPONSE:
{StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Date: Wed, 31 Aug 2022 06:43:12 GMT
Server: Nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1
}}

3a8cddc5-7619-461f-839e-facfd801dcf3

Magnus Johnsen · ‎31-08-2022

Hi,

We're not able to reproduce this, is it still an issue?

Michel V · ‎31-08-2022

Hi Magnus,

Still getting reports about adding attachments to certain documents:

HTTP-POST => integration.visma.net/API/controller/api/v1/supplierInvoice/documentType/Invoice/{invoiceId}/attachment
HTTP-Receive-Header => HTTP/1.1 403 Forbidden
Connection: Keep-Alive
Date: Wed, 31 Aug 2022 09:18:29 GMT
Keep-Alive: timeout=15, max=91
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1
Server: Nginx

Magnus Johnsen · ‎31-08-2022

Hi,

Could you please send us the error message returned as well?

We are not able to reproduce this, but it might be related to companyInContext issues.

Michel V · ‎31-08-2022

We are able to create supplierinvoice but when adding an attachment the following error occurs:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

Magnus Johnsen · ‎31-08-2022

Could you please send us the companyID?

Michel V · ‎31-08-2022

Hi Magnus,

I've sent an email to developersupport@visma.com with the requested companyID

erik-kle · ‎30-08-2022

PUT /controller/api/v1/shipment/{shipmentNbr}
500 - VismaId: 02995599-65ad-411e-93df-ca149b752a13. Object reference not set to an instance of an object

{
"shipmentNumber": {
"Value": "000126"
},
"shipmentPackageLines": [
{
"boxId": {
"Value": "PC"
},
"weight": {
"Value": 90.000000
},
"customRefNbr2": {
"Value": "Test"
},
"operation": "Insert"
}
]
}

Magnus Johnsen · ‎30-08-2022

The issues seems to be resolved now, calls are going through.

Please let us know if you are still having issues.

Thank you.

Michel V · ‎30-08-2022

We are still experiencing the issues with adding attachments to invoice

POST /controller/api/v1/customerinvoice/{invoiceNumber}/attachment

Adding attachments to supplierinvoices also returns 403 Forbidden

POST /controller/api/v1/supplierInvoice/{invoiceNumber}/attachment

Updating customer seems to work now

Stefan Hult · ‎30-08-2022

It Works for us. Thanks.

andretvard · ‎30-08-2022

PUT SalesOrder

POST SalesOrder/Action/CreateShipment

Magnus Johnsen · ‎30-08-2022

Hi,

We are able to reproduce this on some endpoints, do you have any examples that we can pass on to the developer team?

We are currently looking in to this.
It would help knowing:

Endpoint
Timestamp
Request-ID

Thank you.

Michel V · ‎30-08-2022

Hi Magnus,

We are currently noticing the same problem. (time is GMT+2)

Endpoints:
Updating customer PUT /controller/api/v1/customer/{customerCd}

8/30/2022, 1:59:42.880 PM

8/30/2022, 1:59:42.803 PM

8/30/2022, 1:59:42.394 PM

8/30/2022, 1:59:41.713 PM

Adding attachment to invoice POST /controller/api/v1/customerinvoice/{invoiceNumber}/attachment

8/30/2022, 2:59:51.406 PM

8/30/2022, 2:59:51.282 PM

Unfortunately i do not have a Request-ID

I will be happy to provide you with more details should you require them.

"You don't have permission to access this resource" when accessing API

Useful pages

About Visma

Contact us

Follow us