Daniel_Meyer Genesys Employee
January 16
jhwon:

put /api/v2/users/{userId}/station/associatedstation/{stationId}

You are correct, where the posting said PUT api/v2/users/{userId}/station/{stationId} it should have said PUT api/v2/users/{userId}/station/associatedstation/{stationId}. I've fixed the original post, thanks for calling this out.



DeeQ
January 16
jhwon:

put /api/v2/users/{userId}/station/defaultstation/{stationId}

A great question to be asking! We use this specific API ourselves and are interested to know if it will be impacted.

Regardless of whether it will or won't, it looks like all we have to do is update our environment to make sure the new permission is granted if required, correct?

Austen
January 16

Hi,

Just to confirm - this won't affect calls to GET /api/v2/users/{userId} that use the "station" expand parameter, correct?

jhwon Genesys Employee
January 16
Daniel_Meyer:

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

Hello, Daniel

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

This API does not exist.
It is not found in developer.

Can you tell me the exact API name?

There are two PUT-type APIs that contain station.
Is it one of the two APIs below? Or is it both?

put /api/v2/users/{userId}/station/associatedstation/{stationId}
or
put /api/v2/users/{userId}/station/defaultstation/{stationId}

Daniel_Meyer Genesys Employee
January 15

Description

Required permissions are being added to the user station API endpoints.

Change Category

API

Change Context

Certain user station endpoints that allow viewing, changing, and deleting others' station associations currently do not perform any permissions check. The effect of this is that any authenticated user is currently able to manipulate others' station associations. It is desirable that system administrators be able to lock down such activity by granting or revoking permissions; thus this change.

Change Impact

After the change, the required permissions will be as follows:

GET api/v2/users/{userId}/station - telephony:otherStationAssociation:view
PUT api/v2/users/{userId}/station/associatedstation/{stationId} - telephony:otherStationAssociation:edit
DELETE api/v2/users/{userId}/station/associatedStation - telephony:station:disassociate
DELETE api/v2/stations/{stationId}/associatedUser - telephony:station:disassociate (currently requires telephony:plugin:all)

A permissions backfill will be performed so that affected users will not lose access to endpoints; system administrators can then revoke permissions as desired.

Date of Change

Apr 16, 2025

Impacted APIs

GET api/v2/users/{userId}/station
PUT api/v2/users/{userId}/station/associatedstation/{stationId}
DELETE api/v2/users/{userId}/station/associatedStation
DELETE api/v2/stations/{stationId}/associatedUser

References

[PURE-6104]
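
An added example, not part of the original post or Genesys code: a small audit helper that maps the calls an integration makes to the permissions in the "Change Impact" list and reports which ones its role lacks. The sample calls, the granted set, the case-insensitive matching and the exact-string permission comparison (no wildcard handling) are assumptions; a result of `None` only means the call is not in the announcement's list.

```python
import re

# Method + path template -> permission, copied from the "Change Impact" list.
REQUIRED = {
    ("GET", "api/v2/users/{userId}/station"): "telephony:otherStationAssociation:view",
    ("PUT", "api/v2/users/{userId}/station/associatedstation/{stationId}"): "telephony:otherStationAssociation:edit",
    ("DELETE", "api/v2/users/{userId}/station/associatedStation"): "telephony:station:disassociate",
    ("DELETE", "api/v2/stations/{stationId}/associatedUser"): "telephony:station:disassociate",
}

def _compile(template):
    # Each {param} matches exactly one path segment; everything else is literal.
    parts = [r"[^/]+" if p.startswith("{") else re.escape(p) for p in template.split("/")]
    # Assumption: compare case-insensitively, since the post writes both
    # "associatedstation" and "associatedStation".
    return re.compile("/".join(parts) + r"/?$", re.IGNORECASE)

RULES = [(m, _compile(t), perm) for (m, t), perm in REQUIRED.items()]

def required_permission(method, path):
    """Permission the announcement lists for this call, or None if it is not listed."""
    path = path.split("?", 1)[0].lstrip("/")  # drop query string and leading slash
    for m, rx, perm in RULES:
        if m == method.upper() and rx.match(path):
            return perm
    return None

def missing_permissions(calls, granted):
    """calls: iterable of (method, path); granted: set of exact permission strings."""
    gaps = {}
    for method, path in calls:
        perm = required_permission(method, path)
        if perm and perm not in granted:
            gaps.setdefault(perm, []).append(f"{method.upper()} {path}")
    return gaps

# Constructed sample: calls an integration makes and the permissions its role holds.
SAMPLE_CALLS = [
    ("GET", "/api/v2/users/1111/station"),
    ("PUT", "/api/v2/users/1111/station/associatedstation/2222"),
    ("PUT", "/api/v2/users/1111/station/defaultstation/2222"),  # not in the list
    ("GET", "/api/v2/users/1111?expand=station"),               # not in the list
    ("DELETE", "/api/v2/stations/2222/associatedUser"),
]
SAMPLE_GRANTED = {"telephony:otherStationAssociation:view"}

if __name__ == "__main__":
    for perm, used_by in missing_permissions(SAMPLE_CALLS, SAMPLE_GRANTED).items():
        print(perm, "<-", used_by)
```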

