Hey all, hoping someone can spot what I’m doing wrong here.
I’m building a fleet monitoring dashboard for our mobile power systems company. We have 100+ installations all reporting to VRM under one Admin account. I’m trying to pull basic data across all sites via the API — specifically:
• Battery voltage
• State of charge
• Solar/PV input power
• Historical averages (3, 7, 30 day)
• Active alarms
Login works great via /auth/login, get a valid Bearer token back every time. I can pull the installations list no problem.
But when I try to hit /installations/{id}/diagnostics or /installations/{id}/stats I get:
{“success”:false,“errors”:“You don’t have sufficient rights to perform this action.”,“error_code”:“forbidden”}
I’m sending the token as X-Authorization: Bearer {token} on every request.
Is there a different auth format needed for these endpoints? Should I be using a Personal Access Token instead of the login token? Or is there a specific header or parameter I’m missing?
I’ve read through the API docs but can’t figure out what’s different about these endpoints vs the installations list which works fine. Feels like I’m just one step away from getting this working. Any help appreciated — probably something obvious I’m overlooking.
Thanks