Management API Token from API Explorer Tab does not Contain Expected Scopes

Overview

When a Management API token is obtained from the API Explorer tab under Management API in Applications > APIs, it is expected to contain all scopes by default. However, when calling a specific endpoint, a user may get the error:

{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: example:scope",
  "errorCode": "insufficient_scope"
}

Applies To

  • Management API Token
  • Grants
  • Insufficient Scope

Cause

It is possible that some scopes were deleted or modified at some point under client grants.

Solution

Use the Management API to verify and update the client grants.

  1. Use the Get Client Credentials (GET /api/v2/client-grants) endpoint to verify that the API Explorer Application interacting with the Management API is missing the required grant, get a list of current grants, and find the required grant_id.
  2. Use the Update Client Credentials (PATCH /api/v2/client-grants/{id}) endpoint to manually add back the missing grant types, making sure to also include all the other grants returned by the initial GET request.
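
The two steps above, worked offline as an added example (not Auth0's own code): it reads the scope named in the 403 body, finds the matching grant in a GET /api/v2/client-grants response, and builds the PATCH request that keeps the existing scopes. The grant ids, client ids and TENANT_DOMAIN are constructed placeholders, and the separator used when the error lists several scopes is an assumption.

```python
import json

# Constructed sample input: the 403 body shown above, and a made-up response
# from GET /api/v2/client-grants (ids, client ids and tenant are placeholders).
ERROR_BODY = ('{"statusCode": 403, "error": "Forbidden", "message": "Insufficient '
              'scope, expected any of: example:scope", "errorCode": "insufficient_scope"}')
AUDIENCE = "https://TENANT_DOMAIN/api/v2/"
GRANTS = [
    {"id": "cgr_CONSTRUCTED1", "client_id": "OTHER_APP_ID",
     "audience": AUDIENCE, "scope": ["read:users"]},
    {"id": "cgr_CONSTRUCTED2", "client_id": "API_EXPLORER_CLIENT_ID",
     "audience": AUDIENCE, "scope": ["read:clients", "read:users"]},
]

def expected_scopes(error_body):
    """Scopes named in an insufficient_scope error; [] for any other error."""
    err = json.loads(error_body)
    if err.get("errorCode") != "insufficient_scope":
        return []
    # Assumption: multiple scopes in the message are comma- or space-separated.
    tail = err.get("message", "").partition("expected any of:")[2]
    return tail.replace(",", " ").split()

def find_grant(grants, client_id, audience):
    """Step 1: locate the one grant tying this client to this API."""
    hits = [g for g in grants
            if g["client_id"] == client_id and g["audience"] == audience]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one grant, found {len(hits)}")
    return hits[0]

def plan_patch(grant, wanted):
    """Step 2: build the PATCH request, or None if nothing is missing."""
    current = list(grant.get("scope", []))
    missing = [s for s in wanted if s not in current]
    if not missing:
        return None
    # Send the existing scopes together with the missing ones, as step 2 requires.
    return {"method": "PATCH", "path": f"/api/v2/client-grants/{grant['id']}",
            "body": {"scope": current + missing}}

if __name__ == "__main__":
    grant = find_grant(GRANTS, "API_EXPLORER_CLIENT_ID", AUDIENCE)
    print(json.dumps(plan_patch(grant, expected_scopes(ERROR_BODY)), indent=2))
```

When the error lists several scopes after "expected any of", pass plan_patch only the one you intend to grant rather than the whole list.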