
Receiving 'Authorization Required' response in API Explorer even with access token set


TLDR: What am I missing that will allow me access to more of the API?

I'm trying to use StrongLoop's API Explorer to enter some dummy data for testing, but the majority of the API routes respond with 'Authorization Required' even with the access token set.

I have two models Parent and Child. Parent extends the built-in User class, and has many Child(ren). Child extends the built-in PersistedModel class and belongs to Parent. I've tested this out by setting ACLs for both models, and by not setting ACLs for either model, so I'm not sure if it has anything to do with ACLs.

The API Explorer lets me create and login a Parent, and successfully returns the access token. I then set the access token at the top of the screen, which visually responds with 'Token Set'. At this point I feel like I should have access to most of the API routes. I'm basing that assumption on this page in the documentation, which says 'You can now execute certain REST operations. Certain operations are restricted, even if you are authenticated. For example, you can't view other users' records.' I'm not.

When I try out API routes like POST /Parents/{id}/children which is described as 'Creates a new instance in children of this model', I receive an 'Authorization Required' response.

I was successfully able to create a Child using POST /Children, but then when I try GET /Parents/{id}/children, which is described as 'Queries children of parent', I again receive an 'Authorization Required' response.

What am I missing?


Solution

  • It turned out to be the ACLs after all. My Parent model extends the built-in User model, which I assume has strict ACLs built into it somewhere. I set up some basic read, write, execute ACLs on my Parent model, and now I have access to most of the API.
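
One way the ACLs mentioned in the answer could look, as an added example that is not from the original post: a LoopBack model definition for Parent that lets only the owning Parent call the two relation routes from the question. The file location (`common/models/parent.json`), the relation name `children`, the `parentId` foreign key and the choice of the `$owner` role are assumptions; `__get__children` and `__create__children` are the method names LoopBack generates for a hasMany relation named `children`.

```json
{
  "name": "Parent",
  "description": "Added example, not the poster's file. Relation name, foreign key and roles are assumptions.",
  "base": "User",
  "idInjection": true,
  "properties": {},
  "relations": {
    "children": {
      "type": "hasMany",
      "model": "Child",
      "foreignKey": "parentId"
    }
  },
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__get__children"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__create__children"
    }
  ]
}
```

The built-in User model denies everything to `$everyone` and then allows a short list of named methods, so relation methods inherited by Parent stay blocked until a rule names them. Scoping the rules to `$owner` and to individual methods keeps one Parent from reading or creating another Parent's children, which a blanket ALLOW for `$authenticated` would permit.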