Correct OAuth2 scope for creating new News items

Matthew.T.222

I am trying to incorporate News item creation (endpoint reference link) into my web app and am running into permissions/OAuth2 scope problems.

 

The API reference does not mention specific scope requirements for POSTing to /news, and this knowledge base article seems to suggest any route without specific notes should be covered under the `core:*:*` scope.

 

Is this accurate and I'm actually running into other permissions issues? Or is there a currently undocumented OAuth2 scope for this endpoint that I should be using? I'm able to create a new News item directly in the LMS UI, and my role has full admin privileges.

 

Thanks!

Richard.M.314

Hi Matthew,

 

You are correct in that this route requires the core:*:* scope. You are probably running into a permission issue. There are a handful of permissions in the Announcements Tool that control if you can create past, present or future dated announcements.

 

Are you getting a 400 response code?

Matthew.T.222

Hi Richard,

 

I'm getting a 403 response code which made me think it had to do with the OAuth scope/permissions. For testing endpoints methods, I've been using a test course that I'm enrolled in with the "All Access Role" in my org, and creating draft/published news items works on the frontend. I can't pinpoint where I might be able to check/change permissions for the Announcements Tool (would this be org-wide or course specific?)

 

For debugging, here's some additional info and screenshots. Please let me know if there's anything that might be helpful, and thanks in advance for your help!

 

OAuth2 scope: `content:*:* core:*:* news:*:* discussions:*:* quizzing:*:*`

 

Postman testing News endpoint with 403 response:

 

Postman testing similar Quizzing endpoint, with a 200 success:

Richard.M.314

Hi Matthew,

 

There's a note in the docs that indicate a new permission was added in version LE = 1.42 and above. This is the "Change Display Author Information Setting" permission in the announcements tool. Since it was added recently, your role may not have this permission. To check, just make the api call at version 1.41. All you need is See Announcements and Add/Edit/Delete announcement permissions for this call.

 

You might also run into an small issue with a null start date. I don't believe this is allowed.

 

-Richard

Matthew.T.222

Thanks Richard! You're right on both counts: my role must not include the new permission (making the API at v1.41 works) and the StartDate needs a value (`null` results in a 400 error).

 

I was also able to locate the new "Change Display Author Information Setting" permission as well (Settings > Security > Roles and Permissions) and add it to my role. After making this change, I was able to get a successful 200 response using the API v1.46!

Eden.Thompson9432

I like to make friends here

Eden.Thompson9432

ok

Eden.Thompson9432

🥰🤲