When using a read-only collaborator token, PATCH requests to update records return {"code": 200, "success": true, "message": "SUCCESS"} — but the changes are never actually applied. Reading the record back immediately after confirms the values are unchanged.
Expected behavior: Return 403 or {"success": false} with a meaningful error message.
Actual behavior: Returns 200 success, silently discards the write.
Reproduction:
import requests
headers = {"Authorization": "Bearer <read_only_token>", "Content-Type": "application/json"}
resp = requests.patch(
"https://api.vika.cn/fusion/v1/datasheets/<dst_id>/records",
headers=headers,
json={"records": [{"recordId": "<rec_id>", "fields": {"<field>": 99}}]}
)
print(resp.json()) # {"code": 200, "success": True, "message": "SUCCESS"}
# but reading the record back still shows the original value
This is misleading for any application that relies on the API response to confirm a successful write.
When using a read-only collaborator token, PATCH requests to update records return
{"code": 200, "success": true, "message": "SUCCESS"}— but the changes are never actually applied. Reading the record back immediately after confirms the values are unchanged.Expected behavior: Return
403or{"success": false}with a meaningful error message.Actual behavior: Returns
200 success, silently discards the write.Reproduction:
This is misleading for any application that relies on the API response to confirm a successful write.