Scope and URL mismatch when using field selector

I’m working on an internal application using OAuth authentication. If I want to update an organization with an API key, I can PUT /v1/organizations/4:(id,name). However, with OAuth a PUT to that URL doesn’t work even though I am using the scope contacts:full.

The PUT works OK if I omit the field selector with OAuth. The field selector seems to work OK on GET /v1/organizations:(name,id)?start=0&limit=500

Hey @AdrianDewhurst
Thanks for bringing this to our attention. By this, I infer a couple of things
→ that field selectors work in a PUT request if an API token is used
→ the same field selectors don’t work if OAuth tokens are used.

AFAIK, field selectors were built for data retrieval use-cases. However, let me confirm their interoperability with write/update requests.

Yes, the PUT request has a response containing the updated organization details. Adding a field selector in the PUT request with an API token, it restricts which fields are in the response just like with a GET.

This is all a little weird because I actually only want to update 2 fields. If I PUT and the JSON I send only contains the 2 fields I want to update, it leaves the rest of the organization untouched. While that’s my actual goal, I’d have expected PUT to clear out all the other fields in the process, since PUT usually means a complete replacement vs individual field tweaking which is typically done using PATCH. Organizations don’t have PATCH defined in the API docs though.