This document provides guidance on the least privileged access required for integrating ConnectWise PSA with Rewst. The aim of this document is to provide the necessary information required to configure the integration securely and to minimize the risk of unauthorized access or data leakage.
For more information on how to authenticate your ConnectWise PSA account check out the Integration Setup page.
To initiate the successful authentication of the ConnectWise PSA integration with Rewst, and pull back the list of companies you want to associate, the following permission scopes are needed:
- System → Member Maintenance: Inquire
- Companies → Company Maintenance: Inquire
{% hint style="danger" %} If you are seeing a 403 Forbidden error when running workflows, this is due to incorrect permissions. Ensure that the above authentication requirements are complete to resolve this error. {% endhint %}
In addition to the above that’s required for authentication, there are several more actions the ConnectWise integration is capable of taking within Rewst. To use them all, you’ll need the following additional Security Roles configured for this account:
- Companies → Configurations: Add, Edit, Inquire
- Companies → Contacts: Add, Edit, Inquire
- Companies → Manage Attachments: Add (My), Edit (My), Delete(My), Inquire
- Companies → Team Members: Inquire
- Service Desk → Service Tickets: Add, Edit, Inquire
- Service Desk → Service Ticket – Dependencies: Add, Edit, Inquire
- Service Desk → Close Service Tickets: Edit, Inquire
- Service Desk → Merge Tickets: Add, Edit, Inquire
- Project → Project Ticket: Add, Edit, Inquire
- Project → Project Ticket - Dependancies: Add, Edit, Inquire
- Project → Close Project Tickets: Edit, Inquire
- System → My Account: Add (My), Edit (My), Delete (My), Inquire (My)
- System → Table Setup: Add, Inquire (Additional customization can be done to allow or disallow tables)
- Time & Expense → Time Entry: Add, Edit, Delete (My), Inquire
- Time & Expense → Time Entry Billable Option: Add, Edit, Delete(My), Inquire
- Finance → Agreements: Inquire
- Finance → Billing View Time: Inquire: ALL *Required for adding billable time to tickets
- Finance → Billing View Time: Edit: ALL *Required for adding billable time to tickets
The following tables outline the various actions the ConnectWise PSA integration can take within Rewst, grouped by their security roles in ConnectWise, and each of their required permission levels to be able to execute them in workflows. We also have a generic request action, that will require any relevant scopes for what it’s being used for. For more information on the ConnectWise API and its required permissions, please refer to the Official ConnectWise API documentation.
Actions | API Endpoint | Required Permission |
---|---|---|
List Companies | /company/companies | Inquire |
Get Company | /company/companies/{id} | Inquire |
List Communication Types | /company/communicationTypes | Inquire |
List Contacts | /company/contacts | Inquire |
Get Contact | /company/contacts/{id} | Inquire |
Create Contact | /company/contacts | Add |
Actions | API Endpoint | Required Permission |
---|---|---|
List Service Tickets | /service/tickets | Inquire |
Get Service Ticket | /service/tickets/{id} | Inquire |
Get Tasks | /service/tickets/{id}/tasks | Inquire |
Create Task | /service/tickets/tasks/{id} | Add |
Create Bulk Tasks | /service/tickets/tasks/bulk | Add |
Update Task | /service/tickets/tasks/{id} | Edit |
Update Service Ticket | /service/tickets/{id} | Edit |
Create Service Ticket | /service/tickets | Add |
Actions | API Endpoint | Required Permission |
---|---|---|
Add Time Entry | /time/entries | Add |
Actions | API Endpoint | Required Permission |
---|---|---|
List Agreements | /finance/agreements | Inquire |