API GET Testsuite - unauthorized

I am trying to use the API to get the list of test suites available within my bot. I have successfully used the API to obtain content variables and other interactions, but all the test suite interactions are giving me a 401 Unauthorized.

My app is enabled in the BotBuilder API Scopes with permissions:

  • Batch Test Execution
  • Batch Tests Management
  • Import Variables
  • Export Variables

Can anyone else get the Test Suite API to work? Am I missing a permission or something somewhere else?

Test code below:

import jwt
import requests

appId = "my appId"
clientKey = "my appKey"
botId = "my botId"

payload = {
  "appId": appId,
jwt = jwt.encode(payload, clientKey, algorithm="HS256")

headers = {'auth': jwt,
        'bot-language': 'en',
resp = requests.post('https://bots.kore.ai/api/1.1/public/builder/stream/'+botId+'/variables/export',
print("Variables export:", resp) # gives a 200 Success

resp = requests.get('https://bots.kore.ai/api/public/bot/'+botId+'/testsuite',
print("Testsuite get:", resp) # gives a 401 Unauthorized

if not resp.ok:
  print("Failed REST call to", resp.url)
  print("Status Code:", resp.status_code)
  print("Reason:", resp.reason)

I would request you to try with postman first. Please double check if you are signing the jwt with secret. It is important.

Thank you for your suggestions.

  1. I have tried Postman, and experience the same results. Using the same JWT, the API call ‘get_variables’ succeeds, while ‘get_testsuites’ fails.
  2. I have tested the JWT generated by the code above in the Kore JWT debugger. It contains the expected fields, and is validated against the bot’s client secret.
  3. If the JWT was bad, then BOTH API calls would fail. Instead one works, and one fails.
  4. If the request format was wrong, I would expect a Bad Request error. Instead I get an Unauthorized error. I therefore suspect that the BotBuilder API permissions are incorrect. I am hoping someone else can check that they are able to successfully use the ‘get_testsuites’ API call, and advise what permissions they had to set.