Overview
When getting a Management API token from the API Explorer tab under Management API in Applications > APIs, the token is expected to contain all scopes by default. However, when calling a specific endpoint, a user may get the error:
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: example:scope",
  "errorCode": "insufficient_scope"
}
Applies To
- Management API Token
- Grants
- Insufficient Scope
Cause
Some scopes may have been deleted or modified under client grants at some point.
Solution
Use the Management API to verify and update the client grants.
- Use the Get Client Credentials (GET /api/v2/client-grants) endpoint to get a list of current grants, verify that the API Explorer Application interacting with the Management API is missing the required grant, and find the required grant_id.
- Use the Update Client Credentials (PATCH /api/v2/client-grants/{id}) endpoint to manually add back the missing grant types, making sure to also include all the other grants returned by the initial GET endpoint.
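The two steps above as an added Python example (not code from the original article or from Auth0): it finds the grant_id in a GET /api/v2/client-grants response and builds a PATCH body that keeps every existing scope while adding the missing one. The client IDs, grant IDs, audience and tenant domain are constructed placeholders, and the helper names are hypothetical.

```python
import json
import urllib.request

def plan_grant_update(grants, client_id, audience, required_scopes):
    """Return (grant_id, patch_body) for the matching client grant, or None if
    nothing is missing. The PATCH body carries the full scope list, so it keeps
    every existing scope and appends only the missing ones."""
    for grant in grants:
        if grant["client_id"] == client_id and grant["audience"] == audience:
            current = grant.get("scope", [])
            missing = [s for s in dict.fromkeys(required_scopes) if s not in current]
            if not missing:
                return None
            return grant["id"], {"scope": current + missing}
    raise LookupError("no client grant for this client_id and audience")

def call_api(domain, token, method, path, body=None):
    """Minimal Management API call. The token itself needs read:client_grants
    (GET) and update:client_grants (PATCH)."""
    req = urllib.request.Request(
        f"https://{domain}/api/v2/{path}",
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

# Constructed sample of a GET /api/v2/client-grants response (not real data).
AUDIENCE = "https://example-tenant.example.com/api/v2/"
SAMPLE_GRANTS = [
    {"id": "cgr_EXAMPLE1", "client_id": "EXPLORER_CLIENT_ID",
     "audience": AUDIENCE, "scope": ["read:users", "read:clients"]},
    {"id": "cgr_EXAMPLE2", "client_id": "OTHER_CLIENT_ID",
     "audience": AUDIENCE, "scope": ["read:users"]},
]

def demo():
    # "example:scope" is the scope named in the 403 message above.
    return plan_grant_update(SAMPLE_GRANTS, "EXPLORER_CLIENT_ID", AUDIENCE,
                             ["read:users", "example:scope"])

if __name__ == "__main__":
    grant_id, body = demo()
    print(f"PATCH /api/v2/client-grants/{grant_id}", json.dumps(body))
    # Live use: call_api(domain, token, "PATCH", f"client-grants/{grant_id}", body)
```

After the PATCH succeeds, request a fresh token from the API Explorer tab; a token issued before the update still carries the old scope list.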