Mattermost, Inc.

Impossible to update a post through API with bot account?

Do I get it right that bot accounts can only create posts, but not update them?

I can only assign the rights for post:all and post:channel. When I try to make a PUT request with a bot account, I get status 403 with message You do not have the appropriate permissions.

So when I want to update a post following a click on an interactive button, I would have to use a regular user with appropriate permissions for the API request?

Hey @alex_enyway, thanks for the report. In this case, was the post created by a user or an integration, or by the bot account?

There are a couple of considerations that I’ll outline below as well. Let me know if I can help clarify

  1. By default, bot accounts can update their own posts. If your system is using advanced permissions, there may be a chance that post edits are disabled for users.
  2. When creating, or updating, a bot account, you have the option to choose what role the bot account has. If System Admin is chosen, then they can update any posts in the system, along with other System Admin permissions. If your system is using advanced permissions, there may be a chance that post edits are disabled for System Admins as well.

NOTE: For point 2, by giving the System Admin role will enable them with other System Admin privileges so this should be done with care.

1 Like

Hey @jasonblais, that makes sense, thanks!

The original post was made by a slash command. Our users can indeed only edit their own posts, which we don’t want to change for everyone. Neither would I want to give my bot System Admin privileges.

I guess I could make the initial post via an api call by the bot account instead of using the slash command integration’s response payload directly to allow for subsequent post edits by the bot.

Thanks again!

1 Like

Awesome. Let us know if the approach (initial post via an api call by the bot account) helps resolve it for your use case :slight_smile:

Edit: Also added a note of this to our bot accounts FAQ, PR submitted here: https://github.com/mattermost/docs/pull/2882