I raised a ticket about this, but I thought I'd check to see if anyone else who is using the API has run into any issues like this.
I was doing some testing with the API for a script that I'm working on. I created a new user that had limited rights to the system, that could basically view the Audit information and that is about all. I used my existing "SuperSales" role, and the Sales Scope that I use for some of our sales people to be able to lookup information about systems. I was testing and everything was working I was specifically using the /assetmgmt/agentsinview/ endpoint to retrieve a listing of all machines matching the Server View and everything was working.
I then decided that I would rather have a custom Scope defined for the this API user, so that I could further limit which organizations that it would have access to. I created the new Scope and replaced set that scope (APIScope) as the only scope for the API user. I actually matched exactly the same organizations in the scope as the Sales Scope initially. Now when I run the exact same API query against the end point it returns no machines. I even changed to use the assetmgmt/agents endpoint to show all agents, and I get nothing.
I logged into the full web interface with the API user, and verified that the scopes work correctly there, and it's seeing everything that it should. I then did further testing using a more limited scope that had been previously been defined which has been limited to a single organization. I run the query against the /assetmgmt/agents endpoint and it properly returns all agents in the single organization that is included in that scope. I then modified that scope to include a second organization, and re-ran the API query, it still only returns the machines from the first organization. I log into the web interface as the API user, and I can see machines from both scopes. I also tried completely deleting the API user and creating a new user, with the same exact results.
So from all of this testing I can see that my API user seems to work fine with any existing Scopes as is. However when utilizing the API, it does not seem to be recognizing any changes to any scope that I make. (note I'm not changing the scope from the API, but changing the scope that should *apply* to the API user.)
Interesting update... I did some testing this morning, and now the scope changes I made yesterday appear to be working... So there must be some maintenance process that ran overnight and "fixed" the issue? Still a bit concerned though, does this mean I'll have to wait 24 hours after any scope changes I make to apply to API users.
We have someone here who has looked into the API and has done some testing. He's not here right now, but I don't think he worked with the scope in the API.
I do know Kaseya does run daily maintenance tasks that could be the cause of this behaviour. I'm not sure the API has all that much attention from Development, at least not as a primary goal to improve it. I've heard the available options and interaction aren't state-of-the-art. So, it certainly wouldn't surprise me....
It would be nice if someone like Oscar could shed some light on this... Oscar Romero ?
Overall the API is pretty well on par with what I've seen in others like Connectwise, etc. With the exception of this Scope issue it's worked well for what I've needed to do. Honestly at least for what I'm using it for the Scope issue isn't really that big of a deal, as with my current use, I'm simply using it to pull a list of all "fixed disks" on all "Servers" for use with a backup auditing program that I'm writing. It mashes this list as well as the output of Datto's API, and the output from a Storagecraft Shadowcontrol Console into one listing showing me a red/green/yellow dashboard of backup statuses for all fixed disks on servers.
That way if someone adds a new server or even a new volume to a server and forgets to start backing it up we know immediately. So worst case I end up with a new organization I add not showing up on the machine until the next day.