Access rights with personal token not available

BramDecuypere · June 23, 2020, 3:46pm

PROBLEM: I believe there is something wrong with the access rights on the API.

GOAL: Trying to get access to the open-api. As described here: https://open-api.netlify.com/ and https://docs.netlify.com/site-deploys/create-deploys/#api-endpoints

Netlify site names:

They are both part of a team called Lizy

I’m put as an owner of both websites.

The first one I created, the second one was created before I arrived. The only difference I can see is in the order of the site members under site settings.

When I log all the websites I see only the first one appear (the one I created) with my personal access tokens. (plus the ones I created manually via the UI).

WHAT I EXPECT:
All site members with the role of owner should be able to fetch the site id and do other calls towards this website. Not just the one that created it. I guess I could use the personal token of the first creator. But I guess this is not intentional? If it is, I would love to understand why.

Kind regards

Bram

Pie · June 23, 2020, 2:17pm

Hey @BramDecuypere,

Cheers for bearing with us! Just out of interest, which endpoint are you calling?

/api/v1/sites will return the sites which you created (the listSites call)

/api/v1/lizy/sites will show the sites for the account (the listSitesForAccount call)

BramDecuypere · June 23, 2020, 2:20pm

Not much to say there! Thanks for being gentle on the suggestion
For some reason I expected the listSites to show me all the websites my account has access for.
Out of curiosity, what are usecases you would see to not have those two endpoints merged and only have ‘listSites’ do all the websites your account has access for?

Pie · June 23, 2020, 3:46pm

Not a problem! It’s a fair assumption, to be honest.

As for the why – I assume that it’s because we make use of the listSites call internally. There’s several occasions where we’d want to know who the creator of a site is… perhaps site transfers, for example!