0

We are noticing 401 Unauthorized error while using custom scope PAT in preview REST API calls(Trying to fetch data related to Deployments/Environments created by Yaml pipelines)

https://dev.azure.com/{orgnName}/{ProjName}/_apis/distributedtask/environments?api-version=6.0-preview.1

https://dev.azure.com/{orgName}/{ProjName}/_apis/distributedtask/environments/{env.Key}/environmentdeploymentrecords?top=2000&api-version=6.0-preview.1

I tried calling above Restapi calls with below custom scope PATs. But they all resulted in ‘401 unauthorized error’.

Read Read, Write & Execute Read, Write, Execute& manage Read Read & execute Read, Write, execute & manage(Release)+Read & execute(build)

Could you please tell me what permissions do I need to grant for PAT to access the environment deployments API.

user1926055
  • 11
  • 4
  • Is there any update for this issue? If the answers helped or gave a right direction. Appreciate for [marking it as an answer](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) which will also help others in the community. – Walter Jan 15 '21 at 10:06

2 Answers2

0

That's an interesting question. I've tested on my org and only one permission gives access: Tokens.

enter image description here

Shamrai Aleksander
  • 13,096
  • 3
  • 24
  • 31
  • We need more information. For yaml related pipeline details - Why we need to give token permissions. This might have security implications. Can you please let us know? – user1926055 Jan 19 '21 at 07:14
  • Hi Team, Please let us know expected estimated time for fixing this issue. – user1926055 Mar 16 '21 at 06:47
0

As a workaround, you can grant Token Administration or Tokens permission for your PAT. The two permissions worked on my side.

enter image description here

We have reported this issue in Developer Community. Please vote and follow this ticket for latest updates.

Walter
  • 2,640
  • 1
  • 5
  • 11
  • For yaml related pipeline details - Why we need to give token permissions. This might have security implications. Can you please let us know? – user1926055 Jan 19 '21 at 07:21
  • This is indeed not expected behavior. We have reported this issue to the product group. Please follow [this ticket](https://developercommunity.visualstudio.com/content/problem/1227111/rest-api-for-environments-requires-token-administr.html). Hope this issue can be fixed soon. – Walter Jan 19 '21 at 07:36
  • Still not fixed... – Rye bread May 05 '22 at 14:52