I have used the azure devops rest API to create an app which consolidates work item changes for our team, for individual build ID's based on a few pipelines, which works wonders.
I have configured my PAT to have access to work items and builds, and successfully used the "Builds - Get Build Changes" endpoint in my current setup.
I wish to now get and consolidate changes between builds by using the "Builds - Get Work Items Between Builds" rest API endpoint. But I seemingly cannot, because it simply returns a "401 - Unauthorized" response.
I have tried it in Postman too. I am unsure why the same Auth configuration returns the expected result for "Builds - Get Build Changes" but returns unauthorized for "Builds - Get Work Items Between Builds"
Out of interest sake, I tried the "Builds - Get Changes Between Builds" end point which returned a successful response.
So, in short: For the same Postman auth configuration:
- "Builds - Get Build Changes" - 200 success response
- "Builds - Get Changes Between Builds" - 200 success response
- "Builds - Get Work Items Between Builds" - 401 Unauthorized response
PAT scope:
- Build: Read
- Release: Read
- Work Items: Read
EDIT:
Just did an exercise - Full access Token worked.
I filtered it down to requiring the following PAT scope
- Build: Read
- Release: Read
- Work Items: Read
- Token Administration: Read & manage
Why do we require Token Administration: Read & manage ?
Help or insight would be appreciated.
Thank you.