desire2learn valence get users call giving 403 not authorized error

Question

I am getting a 403 not authorized error with this call -> /d2l/api/lp/1.2/users/ and all it's variations with query parameters.

I have checked the permissions: Search for student, instructor, tutor, etc. and all the UIPs at Organization and Course Offering level for the calling user's role. All are enabled. I've cascade enrolled this user from organization level to all levels. What am I missing which needs to be enabled to make this call work?

Answer 1

Yes -- this is almost certainly that your calling user context doesn't have the permissions in place to make the call, for some reason. We do have this call working fine in our test environments, so I would encourage you to report this through D2L's support desk, and note that it's an API calling issue. You can help move it along significantly if you can provide a packet trace (via Fiddler or Wireshark) of a successful API call, and the not-good call, both outgoing request and response back along with your incident.

If, after opening the incident, you can report the INC number back here in a comment, I can try to expedite assistance at our end.

Answer 2

Well, It was a permissions issue and the call -> /d2l/api/lp/1.2/users/ needed the "User Management Tool" (something like that) permission, which my calling user didn't have at the root organization level. I was also getting an empty result set for the call -> /d2l/api/lp/1.2/enrollments/orgUnits/{OrgUnitID}/users/ this needed the "View User Enrollments" permissions again at the root level.

After enabling those 2 permissions, I'm able to get the expected results.