Odata OpenAPI

Hi Marlo,

Are you not receiving any data or is there an error occuring? Authentication is one thing that comes to mind. Could you share a screenshot of the request you are doing and the response after? Please blur any information that is potentially confidential.

The request has status 200 OK, but now value are showing.

However, I'm getting the error ‘Unable to verify the first certificate’ in Postman

But when entering the URL in google I'm receiving data. 

It is possible that Cookies are the troublemakers here. Postman likes to hold on to cookies which can result in a discrepancy between expectation and result. You can try to clear all cookies and retry.

Also, the authentication could be different from when you perform the GET request in the browser thus performing the request under a different user, and maybe a user with less rights to the data. 

Hope this helps!

By Clearing the cookies I can now see the data in Postman, with my own account (has full rights in Thinkwise (TW)))
But the aurtorisation rights for the API account are incorrect as they no longer show the data. 

I've given that account read only rights for certain tables, and it should also see the data in these tables for the company ID that the account has rights to.
But there something went wrong as it is now not able to see any data. 

we have a User table in which we link company to the account.

As you can see below I have linked the specific company to the API test account.

I'm not completely sure if this would also work for the API, to only have right to the data of this company. 

Furthermore in the SF: Access Control > Model rights > Tables (Company) > Prefilter, I've the follow settings check. before I didn't have Always on Checked on. but then It would show all the data, all the companys in the tables. 

Do you perhaps have a hint what I have to change to give the account only the rights to see the data for the specific company.

Assuming your are testing via the IAM metasource, once you have synchronized the roles and prefilters to IAM and the application is active, the API endpoints open up for it. The "Always on” will make sure the prefilter is enforced when interacting with Indicium and obtaining data for that table. It does require the "Visible” checkbox to be also checked. However, since it is Always on, the prefilter will not be shown to the user. Assuming the prefilter is functioning as intended, the table data should be filtered.

So, I think you only need to set Visible to be True and synchronize, then try again (after clering the cookies)

I've checked the “visble” checkbox and synched the roles to the IAM. However, there is still something wrong, as there is still no data visible for the test account with restricted rights.

The prefilter works for as intended for user in the producntion application. If we assign a certain company, the user can only see the data of that company. I assumed this would also work in the same manner for the API account. Or am I wrong on that part?

I'll be at the TEC to work on Thinkwise, hopefully someone from Thinkwise has so time to give some assistance on what might be going wrong.