Boards API endpoint does not return all boards

  • 20 September 2023
  • 13 replies
  • 95 views

Userlevel 2
Badge +1

Hi all

I am trying to establish a lifecycle process with the Miro api. I’ve created a miro app (draft status) and installed it in a team (install app and get oauth token). With this token I’ve used the /boards api endpoint like so:
 

GET https://api.miro.com/v2/boards/?limit=50&offset=0
accept: application/json
Authorization: Bearer [oauth token]

 I get back a json saying there is a total of 403 boards in this team:

{
"size": 50,
"offset": 0,
"limit": 50,
"total": 403,
//[..removed]
}

However in the Admin portal I can see that there should be more boards in this team (552). How can this be? (the trash is empty). 

I have the company admin role.

The app has the following permissions:

 

Is this because my user cannot see all boards (e.g. private) - even if I am company admin? 

 

Thanks for your support! 


13 replies

Userlevel 6
Badge +4

Hi @Sandro,

Thanks for sharing this. If you append the team_id query param to your request URL, does this still return 403 boards as well?

Additionally, just to confirm—the team you authorized the app under and received the OAuth access token for is the same team that you are checking in the Admin panel, right?

Thanks!
Will

Userlevel 2
Badge +1

Yes, the OAuth token is from the same team (Factory).

Even if I add the team_id=… query param it still only returns 403 boards. 

Could those 149 be private boards. Where only the owner has access? Would be a pretty high number though… 

Userlevel 6
Badge +4

Thanks for confirming, @Sandro. That’s strange, I don’t believe that should affect the API response in this instance.

I’ve just sent you a DM for some more details that will help to take a closer look at this for you.

Thanks!
Will

Userlevel 6
Badge +4

Hey @Sandro,

Thanks for sharing those details in DM. In taking a closer look and checking with our Engineering team, they confirmed that this appears to be related to a subset of private boards, as you had originally suspected. 

As it turns out, even a Company Admin role will not provide access to private boards under the team. They would not be returned by the API unless they are shared with the team or the company admin themselves.

I believe this clarifies why you’re seeing a subset of the 550+ boards under the team, but let me know if you still have any questions about this.

Thanks!
Will

Userlevel 2
Badge +1

Thanks for clarifying. Is there a way I can “regain” access to those boards as company admin. Or at least be able to see their IDs or board owners that I can write them. Because else I am running into a compliance issue. 

Userlevel 6
Badge +4

Hey @Sandro, it’s a good question. This setting might offer some possible information.

However, I might recommend raising this question in the general community forum — they will know best as this forum is specific to our APIs and SDKs. This might be a good thread to check out as well.

Userlevel 2
Badge +1

Ok, thanks for the insights Will! It looks like we need an Enterprise plan for this “content admin permission” feature. I will reach out to the sales team.

Userlevel 2
Badge +1

Sorry one more question @Will Bishop. I did not find that out via docs. Is there a way to install an app to all teams in your organisation. Because right now I need to install a app in one team, get an accesstoken use it and then install it to another team and use that, etc. 

Userlevel 3
Badge

Hi @Sandro

Does this Miro help article solve your problem?  

Userlevel 2
Badge +1

Thanks Horea

Would installing the app in all teams produce ONE oauth token that would grant me access on ALL teams? So far I thought that the oauth token is bound to a team. E.g. when you use v2/boards/ to get all boards, it would just return the ones from one team. 

Userlevel 3
Badge

Hi @Sandro 

Here is what I heard back from the team:

When company admin only installs the app, the app is not authorized. But for applications that do not use Platform REST api, admins also have the option to authorize them on behalf of their teams while installing.(see screenshot attached, there is a checkbox to authorize) In this case they are authorized in a different way without generating any tokens.

 

 

Userlevel 2
Badge +1

Ok, I that means there is no way of how we can create an app that allows us to generate one token that is able to read out stuff from all teams? Or how would we achieve that? Creating 7 apps for 7 teams, seems a bit of an overkill...

Userlevel 3
Badge

Hi @sandro

You should be able to just create 1 app and then install that same app on each of the teams. 

I am checking to see if there are any enterprise endpoints (would need enterprise plan) which would give you the information you are looking for - will keep you updated on what I find. 

Reply