Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integration, Extension & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

Announcements
Customer Spotlight: Discover what’s possible with embedded analytics Oct. 16 at 10:00 AM ET: REGISTER NOW

Who Me Too'd this topic

Stentone
Contributor II
Contributor II
‎2024-03-07 09:31 AM

Permission Denied When Exporting and Downloading App

I am attempting to set up an OAuth client that can be used to programmatically export and download an app from a shared space via the Qlik Cloud REST API.

I am successfully able to run the export POST request, "https://<tenant>.<region>.qlikcloud.com/api/v1/apps/<appId>/export",  and receive the location header specifying a temp-contents ID. However, when I try to get the file from temp-contents endpoint via GET "https://<tenant>.<region>.qlikcloud.com/api/v1/temp-contents/<id>", I receive a response with a "404 Not Found" status with the following body:

{
    "traceId": "a5075a43661a3dde6633722c7ed6e8b5",
    "errors": [
        {
            "code": "TCS-012",
            "title": "Unable to retrieve metadata",
            "detail": "Metadata can't be retrieved",
            "meta": {
                "locale": "en-US",
                "errorType": "Error",
                "sourceErrors": "permission denied"
            }
        }
    ]
}

While it is returning a 404 error, the body's message suggests the client does not have sufficient permissions. I get the same error when trying the "/temp-contents/<id>/details" endpoint.

The client has the 'Analyzer' entitlement with the 'Tenant Admin' role. It is of type 'Web', has the M2M option checked, and has the trusted consent method. 

It has access to the 'admin.apps:export' and 'admin.apps:read' scopes as well as the "Can view" and "Can edit" space permissions in the shared space that the app I'm trying to export resides. I've also tried different combinations of space permissions and OAuth scopes to no avail.

My testing workflow has been to retrieve a token via "https://<tenant>.<region>.qlikcloud.com/oauth/token" with the previously mentioned scopes and use that to authenticate for the export and temp-contents requests.

Am I missing something here? Is there a way that I can debug and evaluate permissions for this, or view what's available in the temporary content service?

Any help would be appreciated!

Labels (2)
Labels
1 user say ditto
833 Views
Who Me Too'd this topic