Data extraction problem

Hello py community.

I am new to python and have done some programming to extract data from Time Doctor API using python. I am successful is in some categories but when I try to access Users data it say that I don’t have permissions to perform this action. I am sharing my code so that you guys can help in finding appropriate correction.

When use the above credentials in time doctor documentation in following link

It works perfectly.

However, in following code: it gives error

#----------Get Users Start of Code

users_url = "" + company_id + "&user=#&manager=#&tag=#&self=#&detail=#&task-project-names=#&no-tag=#&deleted=#&page=#&limit=#&sort=#&filter%5Bid%5D=#&filter%5Bemail%5D=#&filter%5Bname%5D=#&filter%5Btag%5D=#&filter%5Bkeywords%5D=#&filter%5Brole%5D=#&filter%5BshowOnReports%5D=#&filter%5BpayrollAccess%5D=#&filter%5Bscreenshots%5D=#&filter%5Bvideos%5D=#&filter%5Bcreated%5D=#&filter%5BhostName%5D=#&filter%5Bos%5D=#&filter%5BhiredAt%5D=#&filter%5BlastTrack%5D=#&filter%5BlastActiveTrack%5D=#&filter%5BclientVersion%5D=#&filter%5Bip%5D=#&filter%5Bshow-on-reports%5D=#&filter%5Bpayroll-access%5D=#&filter%5Bhost-name%5D=#&filter%5Bhired-at%5D=#&filter%5Blast-track%5D=#&filter%5Blast-active-track%5D=#&filter%5Bclient-version%5D=#&token=" + login_token

users_query = {
  "company": company_id,
  "user": "",
  "manager": "",
  "tag": "",
  "self": "",
  "detail": "",
  "task-project-names": "",
  "no-tag": "",
  "deleted": "",
  "page": "",
  "limit": "",
  "sort": "",
  "filter[id]": "",
  "filter[email]": "",
  "filter[name]": "",
  "filter[tag]": "",
  "filter[keywords]": "",
  "filter[role]": "",
  "filter[showOnReports]": "",
  "filter[payrollAccess]": "",
  "filter[screenshots]": "",
  "filter[videos]": "",
  "filter[created]": "",
  "filter[hostName]": "",
  "filter[os]": "",
  "filter[hiredAt]": "",
  "filter[lastTrack]": "",
  "filter[lastActiveTrack]": "",
  "filter[clientVersion]": "",
  "filter[ip]": "",
  "filter[show-on-reports]": "",
  "filter[payroll-access]": "",
  "filter[host-name]": "",
  "filter[hired-at]": "",
  "filter[last-track]": "",
  "filter[last-active-track]": "",
  "filter[client-version]": "",
  "token": login_token

users_response = requests.get(users_url, params=users_query)

users_data = users_response.json()

Users DATA''')


#----------Get Users End of Code

Here is my output

Users DATA
{'error': 'denied', 'thrown': '2022-06-09T09:27:31.280Z', 'message': "Your don't have permission to perform this action."}

I would be greatful if anyone can help in correcting my mistake.

Looking forward to your support.



Are you sure you are not revealing sensitive data (company_id and login_token)? If so, remove them.

Thank you for including your code. Please, paste the code between triple backticks to preserve the indentation and other important details. Do not skip commands like variable assignments. If possible Include all the code which is needed for replication of the behaviour. Include the outputs and error messages.

command to run your code
your python code here
output of your code (including error messages)

That will keep the formatting which is very important in Python.

Thanks. I ve made the suggested correction


You did not write how did you create the code. I guess you copied it from the documentation. And inserted company_id and login_token, every at two places. Am I right?

The documentation contains a mistake. The url should be just "" because requests.get(url, params=query) creates the part of the URL starting at ? from the query dictionary for you. You should not insert company_id and login_token, every twice.

You can notice that you received a human-readable error message as a response:
"Your don't have permission to perform this action."

  • It is weird that there is a typo: Your
  • The message does not complain about company or token. I am guessing:
    • This permission is allowed only from the documentation page.
    • The server shows a wrong error message and:
      • Your token must be used with the original client IP address, not your computer. I do not know if the documentation page makes the connection from your computer or their server.
      • Your token already expired.
      • The token and/or company needs to be URL-quoted (urllib.parse.quote_plus) Anyway if you do not put the string into the URL as I suggested above, you should be safe.
      • …?

After checking the possibilities above I suggest you:

  • Double checking and comparing what you actually send with the documentation. See for example print(r.url) here: Passing Parameters In URLs
  • Contacting the provider of the API.

Yes I copied the code from the author and pasted it in the language.

I am glad that you have provided a great solution and now I am able to access the users data. May you be blessed.

There were five parameters that were facing similar issue:

  1. Users
  2. Projects
  3. Tasks
  4. Activity
  5. Files

All are working correctly.

Thanks @vbrozik