I will note those steps for re-use because I got some questions about new users – that was added to WebAdmins group but they cannot use service api.
- Quicksilver with service api installed.
- We will use PostMan tool to verify this issue.
- In this guide, we’ll use existing user email@example.com in WebAdmins group.
Reproduce the issue
- First, make sure that we could get user token for next step.
- Use this token with bearer prefix to test an example service api (/episerverapi/commerce/catalogs).
Fix the issue
- Navigates to CMS > Admin.
- Choose Config tag, Permissions for Functions in Security.
- We will see EPiServerServiceApi, that has ReadAccess and WriteAccess permission.
- In ReadAccess permission, add WebAdmins group and save it.
- Now try again with new token of firstname.lastname@example.org account, we will get return result.
- And we could do the same with WriteAccess if user want to use POST action.
Hope this help you.