Teams Power Virtual Agent - API Key Rules

[CraigP]

We're in the early stages of investigating the Teams Power Virtual Agent.

Is there a list of rules that need to be applied to the API key used for it? I'd like to lock it down a bit but I didn't see details of specific rules it needs access to on the wiki page.

 

[SamS]

Hi @CraigP,

The Wiki page has been updated:-)

[CraigP]

@SamS Great, thank you!

[CraigP]

Hi @SamS

I've just been testing the bot out today, and following adding the rules listed on the Wiki, I've noticed it seems to now have an issue with the "Hornbill - Update Request Custom Fields" Flow.

Upon digging into the Flow run history, I found it returned the error "The API key specified is not authorized to invoke this operation (apps/com.hornbill.servicemanager/Requests:update)"

So I added "apps/com.hornbill.servicemanager/Requests:update" to the rules and tried again, but now it's come back with "FlowCode Exception (com.hornbill.servicemanager/entities/Requests/fc_ops/update): Security Error: 1"

Are you able to clarify what the latter is trying to tell me please?

[SamS]

Hi @CraigP,

Thank you for finding the additional operation - it was coded slightly differently so it didn't make the list I compiled earlier. The wiki page has been updated (and I checked whether other endpoints were coded in the same way to this one - there weren't.

As for the Security Error you highlight - could you please confirm that the account which you generated API key for indeed has access to update the call via the UI?

[CraigP]

I tried running the Update Request API call manually and it worked with that API key. I then tried again through the chat bot and it is no longer returning that security error. I'm not aware of anything that has changed since, so not sure what caused it!

Oddly, it is still returning "False" for the "Outcome Success" of the flow (and the "SuccessSystemUpdate" variable is returning "No"), but there is no error and it appears to be updating the custom fields without issue now, so I guess I'll just ignore that and carry on (perhaps I'm just misunderstanding something?) Thanks again!