zjullion | 2020-03-24 18:57:05 UTC | #1
I know this question / type of question has been asked many times before, notably here:
https://developer.mypurecloud.com/forum/t/start-and-stop-recording-and-screen-capture/6531
And I know that tim.smith states in the link that "This is correct and intentional. Your app cannot act on behalf of a user until the user authorizes it."
But why? With a client credentials grant we can:
- Create and delete users
- Create and delete OAuth applications
- Create and delete telephony, call flows, etc..
But we can't modify conversations.
Why is pausing a conversation more locked down (more secure) than being able to add and delete users, or add and delete OAuth applications? I understand the idea of preventing an application from performing unwanted actions on a user's behalf, but when that application can LITERALLY DELETE THE USER, what could possibly be the reasoning for preventing that application from modifying a user's conversation?
tim.smith | 2020-03-24 18:59:30 UTC | #2
That's the way the API was designed. You can request new features and share your use case at https://purecloud.ideas.aha.io/ideas.
Ruben_Estevez | 2020-03-24 19:17:47 UTC | #3
Is possible to elaborate on why this was the design decision?
tim.smith | 2020-03-24 19:26:59 UTC | #4
Not really, the APIs are designed the way they are based on a multitude of factors. If you share your use case on an idea, it will help drive future product enhancements.
zjullion | 2020-03-24 21:29:41 UTC | #5
There is already an idea for this that has been open since November 2018: https://purecloud.ideas.aha.io/ideas/CLWFO-I-153
We will be contributing to it.
system | 2020-04-24 21:29:42 UTC | #6
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 7395