2 Replies Latest reply on Oct 14, 2016 4:26 AM by mcollinge

    API to list webhooks is restricted by requesting user

    mcollinge

      I'm a bit stumped as to why the REST API call to list out registered webhooks only returns ones created by the user making the API call?

       

      GET /api/core/v3/webhooks

       

      It means that if a user leaves the company, I'm unable to see/modify/delete their webhooks without going to the database. System administrators might want to see what's set up in the system, and can't.

       

      It feels like an odd restriction to enforce, especially since I can actually plug numbers into the URL for getting the details of a particular webhook & see the details of ones set up by other users, or issue a DELETE on other users' webhooks without any restrictions:

       

      GET /api/core/v3/webhooks/{webhookID}
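
The mismatch described in the post (the list call filters by owner while the per-ID calls do not check ownership) goes away when every endpoint shares one access rule. The sketch below is an added example, not part of the original post and not the product's own code; `WebhookStore`, `User`, `Webhook`, the owner-or-administrator rule and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False

@dataclass(frozen=True)
class Webhook:
    id: int
    owner_id: int
    callback: str

class NotFound(Exception):
    """Raised for both missing and unauthorized IDs, so IDs cannot be probed."""

class WebhookStore:
    """Hypothetical in-memory model of the three webhook endpoints."""
    def __init__(self, hooks):
        self._hooks = {h.id: h for h in hooks}

    @staticmethod
    def may_access(user, hook):
        # The one rule every endpoint shares: owner or administrator.
        return user.is_admin or hook.owner_id == user.id

    def list_hooks(self, user):              # GET /webhooks
        return [h for h in self._hooks.values() if self.may_access(user, h)]

    def get_hook(self, user, hook_id):       # GET /webhooks/{webhookID}
        hook = self._hooks.get(hook_id)
        if hook is None or not self.may_access(user, hook):
            raise NotFound(hook_id)
        return hook

    def delete_hook(self, user, hook_id):    # DELETE /webhooks/{webhookID}
        self.get_hook(user, hook_id)         # same check before any change
        del self._hooks[hook_id]

def demo_store():
    # Constructed sample data: user 1 has left the company, user 2 is active.
    return WebhookStore([
        Webhook(10, 1, "https://hooks.example.test/a"),
        Webhook(11, 1, "https://hooks.example.test/b"),
        Webhook(12, 2, "https://hooks.example.test/c"),
    ])
```

With this rule an administrator can list and remove a departed user's webhooks through the API, while an ordinary user gets the same "not found" result for another user's ID as for an ID that does not exist.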