CiviCRM: access CiviCRM backend and API does not appear to be sufficient to call API4
Overview
Code calling API4 appears to fail with 'Authorization Failure' though the user has CiviCRM: access CiviCRM backend and API privileges. Replacing the call with one to API3 resolves the problem.
Reproduction steps
- Create code calling API4.
- Log in as a user with CiviCRM: access CiviCRM backend and API privileges but no more.
- Got 'Authorization failed'.
Current behaviour
See above.
Expected behaviour
----------------------------------------
Successful call
Environment information
----------------------------------------
Joomla 3.9.18, but I don't think this is relevant.
CiviCRM 5.24.5
Comments
----------------------------------------
We noticed this when we created some custom tokens in CiviMail using hooks and discovered that administrators could send the mail but non-administrators could not. There could, of course, be coding issues in the hook, but the API experts would be better at checking the API code than I am.