https://community.qlik.com/t5/Integration-Extension-APIs/February-2024-release-Change-in-OAuth-CRUD-authorization/m-p/2420220#M19931 <P><SPAN>We have a unique OEM use-case where we need to create, configure, and delete OAuth M2M clients programmatically.&nbsp; We are using undocumented API endpoints for this use-case (see below).&nbsp; Everything was working until yesterday.&nbsp; It seems like the February release of Qlik Cloud went out yesterday.&nbsp; We noticed the following API behavior change is causing our OEM workflow to no longer work.&nbsp; We are looking for advise on how to resolve the issue.</SPAN></P> <P><SPAN>We have a trusted M2M OAuth client with a Tenant Admin role, with the scopes,&nbsp;user_default , admin_classic, and offline_access.&nbsp; It was able to create an M2M OAuth client programmatically by making the following request.</SPAN></P> <LI-CODE lang="markup">curl -X POST --location 'https://some-tenant.us.qlikcloud.com/api/v1/oauth-clients' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --header 'qlik-web-integration-id: &lt;webIntegrationId&gt;' \ --header 'Origin: https://some.origin.com' \ --header 'Authorization: Bearer &lt;token&gt;' \ --data '{ "app_type": "web", "client_name": "some client", "description": "a temporary client", "allowedGrantTypes": [ "client_credentials" ], "allowedScopes":[ "user_default", "admin_classic", "offline_access" ] }'</LI-CODE> <P>&nbsp;</P> <P><SPAN>However, this endpoint now returns a 403.&nbsp; Allowing all scopes and roles to the M2M OAuth client that is making the request still returns a 403.&nbsp; Deleting and recreating the M2M OAuth client making the request also is causing the same issue.</SPAN></P> <P><SPAN>What could we potentially do to allow an M2M OAuth client to create and configure other M2M OAuth clients?</SPAN></P> Fri, 16 Feb 2024 19:35:03 GMT yosuke-coupa 2024-02-16T19:35:03Z https://community.qlik.com/t5/Integration-Extension-APIs/February-2024-release-Change-in-OAuth-CRUD-authorization/m-p/2420220#M19931 <P><SPAN>We have a unique OEM use-case where we need to create, configure, and delete OAuth M2M clients programmatically.&nbsp; We are using undocumented API endpoints for this use-case (see below).&nbsp; Everything was working until yesterday.&nbsp; It seems like the February release of Qlik Cloud went out yesterday.&nbsp; We noticed the following API behavior change is causing our OEM workflow to no longer work.&nbsp; We are looking for advise on how to resolve the issue.</SPAN></P> <P><SPAN>We have a trusted M2M OAuth client with a Tenant Admin role, with the scopes,&nbsp;user_default , admin_classic, and offline_access.&nbsp; It was able to create an M2M OAuth client programmatically by making the following request.</SPAN></P> <LI-CODE lang="markup">curl -X POST --location 'https://some-tenant.us.qlikcloud.com/api/v1/oauth-clients' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --header 'qlik-web-integration-id: &lt;webIntegrationId&gt;' \ --header 'Origin: https://some.origin.com' \ --header 'Authorization: Bearer &lt;token&gt;' \ --data '{ "app_type": "web", "client_name": "some client", "description": "a temporary client", "allowedGrantTypes": [ "client_credentials" ], "allowedScopes":[ "user_default", "admin_classic", "offline_access" ] }'</LI-CODE> <P>&nbsp;</P> <P><SPAN>However, this endpoint now returns a 403.&nbsp; Allowing all scopes and roles to the M2M OAuth client that is making the request still returns a 403.&nbsp; Deleting and recreating the M2M OAuth client making the request also is causing the same issue.</SPAN></P> <P><SPAN>What could we potentially do to allow an M2M OAuth client to create and configure other M2M OAuth clients?</SPAN></P> Fri, 16 Feb 2024 19:35:03 GMT https://community.qlik.com/t5/Integration-Extension-APIs/February-2024-release-Change-in-OAuth-CRUD-authorization/m-p/2420220#M19931 yosuke-coupa 2024-02-16T19:35:03Z https://community.qlik.com/t5/Integration-Extension-APIs/February-2024-release-Change-in-OAuth-CRUD-authorization/m-p/2420628#M19941 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/226619">@yosuke-coupa</a>&nbsp;</P> <P>We don't support usage of unpublished (i.e. not published on <A href="https://qlik.dev" target="_blank">https://qlik.dev</A>) APIs, however we do have work ongoing to prepare this API for publishing, which potentially is what's caused the changes you've seen.</P> <P>Once an API is published, it is governed and we are required to publish notice of breaking changes on the changelog at qlik.dev.</P> <P>I'll reach out about this specific API over email.</P> Mon, 19 Feb 2024 09:49:24 GMT https://community.qlik.com/t5/Integration-Extension-APIs/February-2024-release-Change-in-OAuth-CRUD-authorization/m-p/2420628#M19941 Dave_Channon 2024-02-19T09:49:24Z