Open
Description
Bug Description
Bug description
Auth is failing on GET requests to the /sessions endpoint, with this error:
{"type":"authentication_error","code":"permission_denied","detail":"This action does not support Personal API Key access","attr":null}
Out of curiousity I tried it with a project API key instead, and received the expected error message for using a project key where a personal key should be used:
{"type":"authentication_error","code":"authentication_failed","detail":"Personal API key found in request Authorization header is invalid.","attr":null}
How to reproduce
export POSTHOG_PERSONAL_API_KEY=[Personal_Key]
curl --request GET \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
https://eu.posthog.com/api/projects/:project_id/sessions/values
Can repro with the us subdomain as well.
Additional context
From: https://posthoghelp.zendesk.com/agent/tickets/23109
Debug info
Session: https://us.posthog.com/project/sTMFPsFhdP1Ssg/replay/0194762c-c2b1-74ba-97ce-e14a2c8b3c8e?t=0
Admin: http://go/adminOrgEU/01938e89-f323-0000-2693-863b5b648897 (project ID 41901)
Sentry: http://go/sentryEU/41901