The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.



Go to last post Go to first unread
#1 Posted : Wednesday, September 12, 2018 8:22:15 PM(UTC)

Rank: Guest

Joined: 5/3/2018(UTC)
Posts: 7
Location: Milwaukee

I know I can get a definition file for the rest api for my instance in the form of:

https://[instancename].screenconnect.com/OpenApiDocument.axd (Is there a Swagger like document explaining the details of each function?

What permissions are needed to make calls on the functions in this api, such as: https://[instancename].screenconnect.com/Services/PageService.ashx/GetSessionDetails

I can make a raw call to this endpoint using something like fiddler/postman:

POST https://[InstanceName].screenconnect.com/Services/PageService.ashx/GetSessionDetails HTTP/1.1
accept: application/JSON; charset=utf-8
content-type: application/json
cache-control: no-cache
authorization: Basic **************************
user-agent: PostmanRuntime/7.2.0
accept-encoding: gzip, deflate


It seems I can only successfully make this call with the "Cloud Administrator" account, no others. I feel like I'm glossing over a permission ssue here, but I don't know where.

I don't want to store cloud admin credentials in an application in order to make this work...

Any insight is appreciated.

#2 Posted : Wednesday, October 3, 2018 1:40:34 PM(UTC)

Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,862
United States

Thanks: 3 times
Was thanked: 351 time(s) in 303 post(s)
So I guess the only reliable way to know which permissions are required for each method is to look at the functions themselves.

Within the server installation in Services/PageService.ashx, the GetSessionDetails method has


		Permissions.AssertPermission(new SessionPermissionRequest { Name = PermissionInfo.ViewSessionGroupPermission, SessionGroupName = sessionGroupName, SessionType = sessionDetails.Session.SessionType }, permissionEntries);

meaning it requires the ViewSessionGroupPermission to return any information. It also requires the ViewSessionGuestScreenshotPermission (found one line above the previous code sample) to correctly return the image data.

Just for another example, if you look within the MailService.ashx class at the SendTestEmail method, you can see it also asserts the AdministerPermission.
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.