Hi fengka
For your calls to be successful, you'll need two permission settings (Make REST API calls with read access and Make REST API calls with modify access) to be set to Grant. This is done in Community Admin > Users. I think this will solve your issues. We describe this in our API doc in the Authentication section. Hope this helps.
Hi SuzieH
Thanks for your reply. This is one workable solution. After our lithium forum administrator enbled the allow_restapi_call_modify to (only) my account, I can modify the data like giving a kudo via REST API call.
This looks like need to grant the permission per user via the setting. However I have further questions:
1. Can we enable the allow_restapi_call_modify to ALL the user by default with one time? We would like to let all the forum registered user modify the data via rest call. If we have to enable it one by one per user, that will be a huge work.
2. If the answer to question 1 is yes, the next question is should we do it like that? Do we have potential security concern if all the user can modify forum data via REST API call?
3. When doing the authentication, we are required to provide "client_id" and "client_secret", can we grant writable permission per "client_id"?
Thanks.
