No Ticket Articles available through API

There is a similar topic Unable to create ticket article through API, but I think it is a different problem.

You can execute without problems:

curl -H "Authorization: Token token=<your_token>" -H "Content-Type: application/json" -H "X-On-Behalf-Of: <user_id>" -X GET https://<your_url>/api/v1/tickets/

So you can get a Ticket Resource, e.g. from the PHP client.

If you want to access the articles of a ticket

curl -H "Authorization: Token token=<your_token>" -H "Content-Type: application/json" -H "X-On-Behalf-Of: <user_id>" -X GET https://<your_url>/api/v1/ticket_articles/by_ticket/<ticket_id>

This results in a

{"error":"Not authorized","error_human":"Not authorized"}

The API token has ALL available permissions and it it works with basic auth.

Same goes for the Ticket Resource I mentioned above. The call ticket.getTicketArticles in the PHP client also fails. You have to call unsetOnBehalfOfUser before.

I think this is a confusing way of implementation for developers. You have a valid ticket resource, so you also should be able to access its articles. And as written in the API docs, you need the permission ticket.agent, which I have in my API token.

I use Zammad version 3.5

Is the user_id correct? Try to change it to user_login

The value of the header has to contain one of the following values:

user id
user login
user email

And remove -H "Content-Type: application/json" You use GET request and no send JSON data.

Yes, thanks for the hint with the Content Type, but the result is the same.

User ID is correct. Same effect with user email. And you have to consider, it works fine with basic authentication.

may be token expired?
Screenshot_2020-09-24 IST ServiceDesk - Token Access

No. The requests for tickets on behalf of a user works. Here the API Token:

Sorry but I can’t reproduce that.
Ensure that the user you’re requesting “on behalf of” has enough user permissions to actually view the ticket in question.