Troubleshooting Service Account Permissions for Event Import

Vlad S. · 2025-10-02 21:37:40.159766+00

another API question: I used a service account to download events from the production workspace, and I would like to use the same service account to test sending those events back, but to staging at first... I added the service account to the staging project (I even gave it admin account) but when I try and use it to send events to the import endpoint I get {"error":"Authenticated user does not have permission \"import_events\" in project #####","status":0}

Mixpanel is headed to Money20/20 October 26 - 29 in Las Vegas, Nevada!

Troubleshooting Service Account Permissions for Event Import | Mixpanel Community

12 comments

· Sorted by Oldest

Vlad S.
·
·
I was able to import them using the token auth... but I would like to know how to use the service account across projects if possible
Andrew S.
·
·
i have not tried a service account across two projects, but I know I was able to do the imports using my service account (I had one service account for exporting from A and then a separate service account for importing to B). what is the URL that you are hitting for your import?
Andrew S.
·
·
is it like https://api.mixpanel.com/import?strict=1&project_id={PROJECT_ID}
Vlad S.
·
·
yeah... I just used the same endpoint to import using a token, so the endpoint is correct... it seems like service accounts are connected to projects in some way that's not made clear in the UI?
Vlad S.
·
·
like I go in that project's service accounts page and it shows up there with permissions and everything
Andrew S.
·
·
yeah that is strange. I see how you can view them at an org level to delete them but all permissions are at a project level so I don't see why you can't assign it to multiple projects
Santi (.
·
·
hi Vlad! can you try to create a new Service Account from "Organization Settings" instead of "Project Settings". You will be able to give it permission to multiple projects:
Vlad S.
·
·
I see! let me try!
Adam
·
·
Hi Vlad S., did you notice any difference? As I understand UI around service account, you can assign project when SA is being created on org level, but also manually assign it to the project on project level settings. However, I have a lot of issues with service account created on org level with Member privileges (not org Admin). This SA behaves odd. Sometimes it works, next several api calls return errors, then next one works. And response from import API is odd too, {"error":"not a project member","status":0} Status 0 is not allowed response code from import API. But, when I use another service account created on org level as org admin, where assignment to project inherits from Organization role, this service account works perfect for every API call.
Vlad S.
·
·
I did not get around to try it... I had finished my data repair by that time, using the service account to export and the token to import them
Vlad S.
·
·
next time I need a service account I'll create it on the org level... it's weird, because there's nothing in the UI to indicate if a service account belongs to the org or to a project...
Vlad S.
·
·
in terms of privileges, I remember reading in the docs that one of the things I wanted to do required the service account to be admin or owner... although the behavior you describe where it sometimes works and sometimes doesn't is odd and very likely a bug; I can't imagine anyone designing an API that purposefully behaves non-deterministically

Loading comments

Vlad S.
·
·
I was able to import them using the token auth... but I would like to know how to use the service account across projects if possible
Andrew S.
·
·
i have not tried a service account across two projects, but I know I was able to do the imports using my service account (I had one service account for exporting from A and then a separate service account for importing to B). what is the URL that you are hitting for your import?
Andrew S.
·
·
is it like https://api.mixpanel.com/import?strict=1&project_id={PROJECT_ID}
Vlad S.
·
·
yeah... I just used the same endpoint to import using a token, so the endpoint is correct... it seems like service accounts are connected to projects in some way that's not made clear in the UI?
Vlad S.
·
·
like I go in that project's service accounts page and it shows up there with permissions and everything
Andrew S.
·
·
yeah that is strange. I see how you can view them at an org level to delete them but all permissions are at a project level so I don't see why you can't assign it to multiple projects
Santi (.
·
·
hi Vlad! can you try to create a new Service Account from "Organization Settings" instead of "Project Settings". You will be able to give it permission to multiple projects:
Vlad S.
·
·
I see! let me try!
Adam
·
·
Hi Vlad S., did you notice any difference? As I understand UI around service account, you can assign project when SA is being created on org level, but also manually assign it to the project on project level settings. However, I have a lot of issues with service account created on org level with Member privileges (not org Admin). This SA behaves odd. Sometimes it works, next several api calls return errors, then next one works. And response from import API is odd too, {"error":"not a project member","status":0} Status 0 is not allowed response code from import API. But, when I use another service account created on org level as org admin, where assignment to project inherits from Organization role, this service account works perfect for every API call.
Vlad S.
·
·
I did not get around to try it... I had finished my data repair by that time, using the service account to export and the token to import them
Vlad S.
·
·
next time I need a service account I'll create it on the org level... it's weird, because there's nothing in the UI to indicate if a service account belongs to the org or to a project...
Vlad S.
·
·
in terms of privileges, I remember reading in the docs that one of the things I wanted to do required the service account to be admin or owner... although the behavior you describe where it sometimes works and sometimes doesn't is odd and very likely a bug; I can't imagine anyone designing an API that purposefully behaves non-deterministically