Does the endpoint GET /api/v1/quotes/{quoteId} get data for non-active revision for my quote only?

shawn_yong
Explorer

Does the endpoint GET /api/v1/quotes/{quoteId} get data only for active revision for other quote owners?

The test showed that endpoint GET /api/v1/quotes/{quoteId} gets data for

  1. both active and non-active revisions for My Quotes.
  2. active revision for Other Quotes.

However, CPQ returns 403 forbidden with the message "Logged user doesn't have permission to view this quote" when we get data from non-active revision for Other Quotes.

Accepted Solutions (1)

shawn_yong
Explorer

Issue fixed on CPQ February release 2402.


Answers (1)

yogananda
Product and Topic Expert

shawn.yong

Seems like you don't have permission for the API user which you're trying to make a call. Check if Admin or Non-Admin.

Only Admin can pull the data from API and also the permissions been given to a User.

shawn_yong
Explorer

yoganandamuthaiah

Thank you for your feedback.

I am using an Admin user who can view all quotes on CPQ.

I have found a similar use case. When the Admin user navigates on CPQ, he can view or edit a non-active revision for other quote owners.

But using this URL https://{cpqEnvironmentUrl}/cart/edit?quoteId={quoteId}, CPQ shows the same error as in the API call.

yogananda
Product and Topic Expert
### To get Bearer Token
POST {{cpq_new_url}}/basic/api/token
Content-Type: application/json;charset=UTF-8

grant_type=password&username={{userid}}&password={{pass}}

---------------------------------------------------------------------

### To Get Quote details
GET {{cpq_new_url}}/api/v1/quotes/4154
Authorization: Bearer {{accessToken}}
Content-Type: application/json

shawn.yong

shawn_yong
Explorer

I tried {{cpq_new_url}}/api/v1/quotes/4154 with a bearer token and the results are as follows:

Use Case 1: Pull data from a quote using the Quote ID for an Active revision where the API user is the owner of the Quote. Success.

Use Case 2: Pull data from a quote using the Quote ID of the Non-Active revision where the API user is the owner of the Quote. Success.

Use Case 3: Pull data from a quote using the Quote ID of the Active Revision where the API user is not the owner of the Quote. Success.

Use Case 4: Pull data from a quote using the Quote ID of the Non-Active Revision where the API user is not the owner of the Quote. Fail. Error message: "Logged user doesn't have permission to view this quote"

As per use case 4, if the API user lacked permission to view another user's quote, then use case 3 should have failed as well.
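
The four use cases above form an access matrix, and the inconsistency can be located mechanically. The following is an added example, not part of the original thread and not SAP CPQ code; the status values are constructed from the four use cases, and the "Admin can view all quotes" policy and all function names are assumptions.

```python
from itertools import combinations

# Constructed observations mirroring the four use cases in the post above.
# Key: (caller_is_owner, revision_is_active) -> HTTP status observed.
OBSERVED = {
    (True, True): 200,    # use case 1
    (True, False): 200,   # use case 2
    (False, True): 200,   # use case 3
    (False, False): 403,  # use case 4
}
DIMENSIONS = ("caller_is_owner", "revision_is_active")


def expected_status(caller_is_owner, revision_is_active):
    """Assumed policy: the caller is an Admin allowed to view all quotes."""
    return 200


def policy_deviations(observed):
    """Cells where the observed status differs from the assumed policy."""
    return sorted(
        (cell, status, expected_status(*cell))
        for cell, status in observed.items()
        if status != expected_status(*cell)
    )


def deciding_flips(observed):
    """Pairs of cells that differ in exactly one attribute and in allow/deny,
    i.e. the single attribute change that flips the authorization outcome."""
    flips = []
    for a, b in combinations(sorted(observed), 2):
        changed = [i for i in range(len(a)) if a[i] != b[i]]
        allowed_a, allowed_b = observed[a] < 400, observed[b] < 400
        if len(changed) == 1 and allowed_a != allowed_b:
            flips.append((DIMENSIONS[changed[0]], a, b))
    return flips


if __name__ == "__main__":
    for cell, got, want in policy_deviations(OBSERVED):
        print(f"deviation at {dict(zip(DIMENSIONS, cell))}: got {got}, expected {want}")
    for dim, a, b in deciding_flips(OBSERVED):
        print(f"outcome flips when only {dim} changes: {a} -> {b}")
```

A purely ownership-based rule would flip only on `caller_is_owner`; here the outcome flips on both attributes around a single cell, so the denial depends on the combination of non-owner and non-active revision.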

yogananda
Product and Topic Expert
shawn.yong

User 4 - Check Quote Visibility permissions what is in your tenant configured by you or CPQ Admin.