Genesys Cloud - Main

 View Only

Discussion Thread View
  • 1.  API access to agents

    Posted 18 days ago

    Hello,

    Some of our agents have discovered the developper tools and are trying to use the API directly. Is there any way to disable the API usage to agents ?


    #PlatformAdministration
    #Security
    #Unsure/Other

    ------------------------------
    Lionel Florence
    Helpline SAS
    ------------------------------


  • 2.  RE: API access to agents

    Top 25 Contributor
    Posted 18 days ago

    Hey Lionel, 

    Interesting indeed! 

    I'm not 100% sure if you can lock the developer tools down per user, though their user access controls/permissions/roles should dictate what they could even do within the dev tools/APIs.

    Out of pure interest, what are they even trying to do?



    ------------------------------
    Lawrence Drayton
    Prvidr Pty Ltd
    ------------------------------



  • 3.  RE: API access to agents

    Posted 18 days ago
    Edited by Antwuan Rencher 12 days ago

    Hi,

    Thanx for the answer. Our concern is that on our first tests a basic account can access quite easily to any API reaquests. Some with errors and some with access to data from divisions that is not supposed to access. We are investigating more tomorrow, before opening a ticket to Genesys support.

    BTW : they are trying to get all the history of interactions mainly because the standard exports have some issues with the custom attributes values (some values are not visible in the reports despite they are visible in UI :-( )



    ------------------------------
    Lionel Florence
    Helpline SAS
    ------------------------------



  • 4.  RE: API access to agents

    Top 25 Contributor
    Posted 17 days ago

    Hey mate, 

    Hmm, very interesting - as far as I am aware the user context that the request is being made from (Which is how the dev tools do it) should only give them access to pull information or APIs that they have permission to access. I would be interested to the outcome of your support ticket and if you are willing to I would like to test some of your use cases in my environment if you would share the APIs they are using spesifically.



    ------------------------------
    Lawrence Drayton
    Prvidr Pty Ltd
    ------------------------------



  • 5.  RE: API access to agents

    Posted 14 days ago

    Hello Lawrence,

    After more investigations :

    • If a agent as a permission thru a role he can use all API relative to that permission.

    • We found at least one issue : by default our agent have the "location - edit" permission which let them change their location on their profile... But let them change any parameter of any location thru the API. This include the location name for example.

    • A user with only the "employee role" can access thru the API to any interaction, he just need to have the ID of the interaction. Even if the interaction is associated to another division. Note that he can not access to this interaction with the user UI, "access denied".


    We did not go thru all the APIs to identify more issues like this but we are opening an incident on the "location edit permission" and the "interaction access".

    Another "side effect" is that thru API, agents can collect all the data of one collection in one request, where this would take them a lot of clics and efforts in the user interface. The good example is the directory : they can get all the members and their data of the directory in one request !

    Let me know if you see the same results.

    Regards,

    Lionel



    ------------------------------
    Lionel Florence
    Helpline SAS
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources