Overlay API Calls: Not working with View or Admin rights

Hi,
Overlay API calls didn’t work with View or Admin rights (only with “Super-User Rights”):

Scenario:

  1. Piwik-Account with view-rights (or admin-rights).
  2. Overlay.getFollowingPages API call in a browser without a Matomo login AND anonymous = No Access Rights <== Important!!! Example:
    https://demo.matomo.org/index.php?module=API&method=Overlay.getFollowingPages&url=https://forum.matomo.org/&idSite=7&period=year&date=yesterday&format=xml&token_auth=<USER-ACCOUNT-TOKEN –WITH-VIEW-RIGHT>
  3. Error: You can’t access this resource as it requires ‘view’ access for the website id = 7

=> Other API methods with this “View-token” are working. For example: Actions.getPageUrl

More information:

  • The Overlay.getFollowingPages call is working with “&token_auth=anonymous” after adding View-Rights to the user “anonymous”.
  • The Overlay.getFollowingPages call is working after adding “Super User Rights” to the account with the used Token.

Could you please fix this bug?
Thank you! :grinning:
Thomas

Please create an issue here, if you are able to.

Ticket is created:
https://github.com/matomo-org/matomo/issues/12635