Getting error when trying to use Assume-User functionality to fetch the data of all users.

Options
Reshma R
Reshma R
edited 04/25/24 in API & Developers

The Admin account is unable to fetch data for other users incase of the developer account. When we try to use the Assume-User functionality to fetch data by impersonating other users, with the help of an admin account and Oauth2 session, we get the following error.

{

  "errorCode": 1030,

 "message": "You are unable to assume the user specified.",

 "refId": "ynvxse"

}

1. Can you please confirm inorder to fetch the other user's data should we use "Oauth2" mechanism or "API Token" or both?

2. Currently we are using developer/trial account for analysis, since we are unable to create API Token could you please tell us if Assume-User functionality could be used in this case?

 


 

Answers

  • jmyzk_cloudsmart_jp
    jmyzk_cloudsmart_jp ✭✭✭✭✭✭
    Options

    Hi @Reshma R

    I think the issue you're facing with the Smartsheet API error "You are unable to assume the user specified" is due to limitations with developer/trial accounts.

    Assuming another user:

    • Use an API token generated from an Admin account with the "Assume User" header specifying the target user's email address.

    Smartsheet API Doc

    https://smartsheet.redoc.ly/?_ga=2.90865434.1871593143.1714525811-981216202.1712882121#section/API-Basics/Assume-User

    Allows an admin to act on behalf of, or impersonate, the user to make API calls. You might do this to troubleshoot a user problem or cover for vacations and sick time. As with cURL, the email address used to identify the user must be URI-encoded.

    An admin cannot impersonate another admin.

    NOTE: You must manually generate a token to assume user.

    Oauth2 Access Scopes limitation

    No “Admin” nor "Assume User" Scope: There is no specific scope listed for assuming another user's identity. The available scopes focus on data access, administrative tasks, and content creation/management. So, use OAuth2 for regular user authentication within your application.

    Sample  code assuming user:

    The Python code updates the title of the first column, assuming the user.

    smartsheet_client.assume_user("jane.doe@smartsheet.com")
    

    https://gist.github.com/jmyzk/6c36229d34ac1f167d6b6170c7c8c055