← Back to team overview

dhis2-devs team mailing list archive

Need help to identify proper authorities to make API calls in DHIS

 

Hi DHIS Team,

We are planning to use DHIS OAuth in our application.
We want to make API calls to view/add/update/delete the events, programs,
dataSets, dataValues etc. For this we want to figure out minimum list of
authorities so that access token generated from the user's login detail
should be able to make api calls.

*Requirement* :
We require a user login that can make api calls to fetch data, but they
should not be able to update data directly through DHIS.

*What we tried : *
We tried to assign selective authorities to the particular user role and we
have following observation :
1. When we assign no authorities to the user role, and make api call for
events we got below response

*{"pager":{"page":1,"pageCount":2,"total":1365,"pageSize":1000},"events":[]}%*

NO events came in the response json in spite of events present in the
system.

2. When we assign all authorities except '*ALL*' to the user role, and make
api call for events we got the same response as above.

*{"pager":{"page":1,"pageCount":2,"total":1365,"pageSize":1000},"events":[]}%*

3. When we assign the authority '*ALL*' to the user role, and make api call
for events we were able to get all the events. This also enables the user
to make update data directly from DHIS.

Could you please help us to figure out the minimum authority to make API
calls?

Thanks,
Rajeswari & Gaurav.

Follow ups