Hans, Michael:
It's a little complicated, so I hope I can explain this well.
I did try to work this out. What I found is this:
When using a API Key of a Sub-Admin then I can create the project. When I'm using the API Key of a Project Admin then I get a 401 Unauthorized error.
By the way, even when I can create the project , using the Sub-Admin Key, I do need to provide a State field (value: "Open" or "Close") for the project's state. I only mention that cause in your previous JSON snippet it's missing.
Now, when I create the project using the Sub-Admin key, I can set the owner to be the Project Admin username. I will then see the project when logged on as the sub-admin and the owner is the project-admin. Yet, when logged on as the project-admin , I do not see the project. The reason is that we need to Authorize the user and give it a permission with the new project.
When you create a new project from the UI then you have the option to copy users with their permissions, also you have the button to add new/existing users to the project which essentially creates that permissions.
The permission is stored in a separate API object called: "Project Permission" (you can see it in the WSAPI object mode), and so creating the "project" object does not create the "ProjectPermission". So, even when the sub-admin's api-key creates the project and even if setting the project-admin username to be 'owner' the user is still not permitted to this project.
If I then issue a subsequent call using PostMan, and create a ProjectPermission endpoint object associating the username with this new project - then all works. At that point, I can see the project when logged on as the project-admin username.
So here are all the issues around all of this:
1. First, I couldn't find a way in postman to create a 'project' along with 'ProjectPermission' in a single Post/Put command. Perhaps it's possible, but I didn't find such a way. The challenge here is that you need to create the project first to get the ObjectID so that you can use it as a reference in the ProjectPermission. This suggests two transactions. When done in two separate calls , as said , it works. I tried to combine the JSON structure of the two calls into a single one, hoping to create the project and permissions in a single call , it didn't work.
2. Second, going back to what I wrote at the top that when using the Project Admin's api-key then I'm getting a 401 Unauthorized. It seems that the api-key isn't able to create a project even without any permissions. This seems to be a product issue.
morky01 ,
Hopefully you can help us with regard to both these points:
- Is there a way to create a project along with permissions (even if the sub-admin is the creator) ?
- Is it by-design that the project-admin api-key (generated with Full Access) is unable to create even an initial project without permissions?
By the way, it may be the a workspace-admin is behaving like the sub-admin, I didn't try yet. I'll try a workspace-admin api-key as well and let you know.
Thanks,
Sagi