How long does it take for the API to switch from read only to full access?

  • CorporateStores
    Asked on April 29, 2016 at 10:20 AM

    Hello

    I changed it about 30 min ago and it is still not letting me delete any submission, with an unauthorized access response.

  • Charlie
    Replied on April 29, 2016 at 11:36 AM

    If you are just switching the access from "Read-only" to "Full Access" then that should be immediate I believe.

    I understand you are using your API key on a custom script that allows you to delete submissions. May I know what is the form associated with the said API key? And if it is possible to share a part of the script?

    If you are deleting the submissions of a form shared to you using your own API, then I believe it won't work. The API of the account where the form is stored should be the one used when you want to delete submissions via API. I tested this and was getting unauthorized access if I used my own API to delete a shared form's submission.

    I hope that helps.

  • CorporateStores
    Replied on May 2, 2016 at 4:38 PM

    Great, thanks for the info, this is exactly my case!

    Why does the API block such a delete while we can delete it no problem through the browser?

    Will this change in the future?

  • victor
    Replied on May 2, 2016 at 6:47 PM

    Can you please indicate if you have created your own API to delete submissions or not? We are assuming you have and that this is the reason you are getting the UNAUTHORIZED ACCESS error. This is due to our security. Since it is an unknown API, we do not give access to those APIs as anyone may be able to access and delete submissions. This would be a great security risk and would probably never change.

  • CorporateStores
    Replied on May 3, 2016 at 11:18 AM

    It's not "my own". I use the JotForm API with the provided C# library from api.jotform.com.

  • Charlie
    Replied on May 3, 2016 at 11:31 AM

    Apologies for the confusion.

    What we meant is the use of the API key: if you are deleting the submission on a form shared to you via API calls, then you cannot delete the submission if you use your own API key; you need to use the API key of the account where the form is stored (meaning the main account).

    Now, you are a sub user of the shared form; you are not the owner technically. The main account can set permission access, whether he/she allows you to edit the form or just view its submissions. She can also remove the form shared to you anytime. It is actually mentioned in this guide: https://www.jotform.com/help/232-How-to-Share-Forms-with-a-Sub-Account-User

    Imagine if you are a sub user and your API key can change someone's account and form data, like deleting submissions; that will open some security issues and will most likely bypass the permission set on the shared forms.

    So if you need to make changes on the account and the form using API method, then you will need to use the main account's API key. 

    Let us know if we misunderstood your concern.

  • CorporateStores
    Replied on May 3, 2016 at 5:25 PM

    Thank you for providing more details.

    I understand the security issue in being able to modify a form I do not own; however, as you indicated, we can set permissions on shared forms. I am able to delete submissions from this very form, but only when I go through the website in the "Shared with you" subfolder. To me it seems that I do have the "delete" permission, so why would this work through the website and not the API?

  • Kevin Support Team Lead
    Replied on May 3, 2016 at 8:38 PM

    I think that this is the same as mentioned above: it only gives access to delete submissions through the website, which means you need to be logged into your account in order to have this functionality. This is not the same as using the API. I think that this may be better explained by one of our developers, so you may send an email to the API team at api@jotform.com

     

  • CorporateStores
    Replied on May 9, 2016 at 9:57 AM

    I just want to share the below answer I received from the API team. I have not tried it yet.

    "You were correct - it was happening because it was a shared form. However, it has now been fixed so you will be able to delete the submissions successfully."

     

     

  • Charlie
    Replied on May 9, 2016 at 11:57 AM

    Thank you for updating us. And apologies for the confusion.

    I did try testing the shared form and tried deleting the submission of it using the sub user's API. However, I'm still getting unauthorized access.


    It would be best to contact the API team directly; I see you have already discussed this with them, and that way we can avoid confusion. However, please do let us know how it goes.