Get Branding Endpoint: "Insufficient scope, expected any of: read:branding"

Problem statement

When calling the Get branding endpoint the following error is returned: “Insufficient scope, expected any of: read:branding”.

Solution

The access token being used by the Management API must include the read:branding scope. To do this, specify the scope when requesting the access token for the management API, e.g.:

curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'audience=https://{yourDomain}/api/v2/' \
  --data 'scope=read:branding'

It is also possible to include any other scopes that may be required for other endpoints and separate them with a space, e.g.:

curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'audience=https://{yourDomain}/api/v2/' \
  --data 'scope=read:branding update:branding'