First I appologize if cross-posting here and to stackoverflow is dis-encouraged. If so, i couldn’t find the netiquette.
I have an API key. The user behind the API key has been propagated to be admin.
I am sending authenticated requests as described in Web API
Using Insomnia.
A call to /api/components/search_projects works.
A call to /api/project_analyses/search?project=RSV_FLAG fails with HTTP Status Code 403
If I am in the web interface I see that calls to the same API endpoint /api/project_analyses/search work, yet there are cookies and xrfi-tokens involved.
Why does a call to /api/project_analyses/search fail when the token assigned has administrative privileges?