Hi EspoCRM community,
I hope you're all doing well! I'm running into a puzzling issue with the API in my EspoCRM setup (version 9.2.2), and I'd really appreciate any insights or help you might have. I've searched the forum and tried various fixes, but nothing's working so far.
The Problem:
- I'm using a custom entity called "CBeteiligte" (which is essentially a customized Contact-like entity).
- API calls to the main entity work fine: e.g., GET /api/v1/CBeteiligte/{id} returns the record without issues.
- However, relation endpoints for core fields like PhoneNumbers or EmailAddresses throw a 403 Forbidden error: e.g., GET /api/v1/CBeteiligte/{id}/phoneNumbers or /emailAddresses.
- Custom relations (e.g., a custom "adressens" relation) work perfectly via API.
- This happens for both API users (with keys) and regular non-admin users (opening the api-endpoint in browser). Only when logged in as an admin (via direct access) do these endpoints work (in browser).
- Frontend/UI shows the phone numbers/emails fine for all users.
Logs from EspoCRM (data/logs):
Code:
Warning 403 Espo\Core\Exceptions\Forbidden /var/www/html/application/Espo/Core/Record/Service.php 1.050 GET /CBeteiligte/68e4af00172be7924/emailAddresses
Debug API (403) GET /CBeteiligte/68e4af00172be7924/emailAddresses; Route pattern: /{controller}/{id}/{link}; Route params: Array ( [controller] => CBeteiligte [action] => listLinked [id] => 68e4af00172be7924 [link] => emailAddresses )
What I've Tried So Far:
- Assigned full rights to the API user's role: Read/Create/Edit/Delete set to "yes" for CBeteiligte and all visible entities.
- Checked Assignment Permissions: Set to "all" in the role.
- Set all possible permissions to max in the role.
- Ran Clear Cache (all options) and Rebuild multiple times (both via UI and CLI: php clear_cache.php --all && php rebuild.php).
- Regenerated API keys.
- PhoneNumber/EmailAddress don't appear in the Roles list (as they're core/hidden), so I can't directly set rights there.
- Tried the same with non-custom entity "contact". Same problem.
It seems like core relations have some extra internal checks that custom ones don't. Has anyone run into this before, especially with API access to Phone/Email relations on custom entities? Is there a way to grant explicit rights to these hidden entities, or perhaps a config tweak in config-internal.php? I need the related endpoints because they contain the unique ID of the related entry, which I need for sync purposes.
Any advice, workarounds, or pointers would be hugely appreciated – thanks in advance for your help!
Best regards,
Benjamin
