Getting error "insufficient_scope" in API call

danwbd Community Member Qubie ✭
edited April 8 in Qualtrics API

We have set the scopes "manage:surveys" and "read:surveys" on our Client ID through the web interface. After this we generated the Bearer Token from the API "https://iad1.qualtrics.com/oauth2/token" and used the generated token in the get-list-of-surveys API call "https://iad1.qualtrics.com/API/v3/surveys"; we are getting the error below:

       "httpStatus": "403 - Forbidden",
       "error": {
           "errorMessage": "insufficient_scope",
           "errorCode": "AUTH_13.0"
       }

We are getting the same error for all API calls related to surveys.

Answers

  • RichyRich London Community Member Qubie ✭

    I have the same: authorised with client credentials and scope manage:all, I get an insufficient_scope error looking at surveys and tickets.

  • MRk Community Member Qubie ✭
    edited February 26

    Guys, you should add a new variable 'scope' and fill it with one of the scopes (e.g. 'manage:all') from the list.

    https://tools.ietf.org/html/rfc6749#section-3.3 - Auth scope section might help you on that.

  • jaysonwor Community Member Qubie ✭
    edited April 4

    Running into the same issues when trying to test the REST API here: https://api.qualtrics.com/guides/reference/users.json/paths/~1whoami/get

    I've added the OAuth client (manage:all and client_credentials) but when I try to key in the bearer token (from the preceding https://ca1.qualtrics.com/oauth2/token POST), I get this error:

    {
      "meta": {
        "httpStatus": "403 - Forbidden",
        "error": {
          "errorMessage": "insufficient_scope",
          "errorCode": "AUTH_13.0"
        },
      }
    }

    Anyone been able to get this working successfully?

  • racod Oregon, USA Community Member Qubie ✭

    I ran into this same issue and contacted the Qualtrics API team about it. MRk was on the right track but I for one couldn't quite translate his ietf.org link into a solution for myself.

    You need to include the desired scope when requesting the Bearer Token. (Make sure your account has the permissions for it on the Qualtrics side.) Here is my example code in Python that is now working correctly without producing the 403 - Forbidden error:

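    import requests

    # DATACENTER_ID, CLIENT_ID and CLIENT_SECRET are your own account values.
    base_url = "https://{0}.qualtrics.com/oauth2/token".format(DATACENTER_ID)
    # The scope has to be sent in the token request itself.
    data = { "grant_type": "client_credentials", "scope": "manage:users" }
    r = requests.post(base_url, auth=(CLIENT_ID, CLIENT_SECRET), data=data)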

    If you need to define multiple scopes, the support tech said to separate them with spaces. E.g. data = { "grant_type": "client_credentials", "scope": "read:users read:activity_logs read:directory_contacts" }

    I asked the Qualtrics API team to update their API documentation to clarify this point because they make no mention of it currently.

    I hope this helps someone.
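
The fix described in the answer above, generalised into a pre-flight check. This is an added example, not code from the thread or from Qualtrics: it builds the token request with an explicit scope list and compares the scopes a token carries with the ones a call needs. The function names are hypothetical, scopes are compared as exact strings, and the `scope` field in the token response is assumed to follow RFC 6749 section 5.1 (the thread does not show a token response).

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://{0}.qualtrics.com/oauth2/token"  # URL pattern from the thread


def build_token_request(datacenter_id, client_id, client_secret, scopes):
    """Build (not send) a client_credentials token request that names its scopes."""
    if not scopes:
        raise ValueError("request at least one scope explicitly")
    # Multiple scopes go in one space-separated string, as the thread describes.
    form = {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL.format(datacenter_id),
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": "Basic " + basic},
        method="POST",
    )


def granted_scopes(token_response, requested):
    """Assumption (RFC 6749 5.1): no "scope" in the response means granted as requested."""
    if "scope" in token_response:
        return set(token_response["scope"].split())
    return set(requested)


def missing_scopes(token_response, requested, needed):
    """Scopes the API call needs that the token does not carry (exact-match only)."""
    return sorted(set(needed) - granted_scopes(token_response, requested))


def is_insufficient_scope(api_body):
    """True for the 403 error body quoted in the thread."""
    error = json.loads(api_body).get("meta", {}).get("error", {})
    return error.get("errorMessage") == "insufficient_scope"


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real token response.
    req = build_token_request("iad1", "CLIENT_ID", "CLIENT_SECRET", ["read:surveys"])
    print(req.full_url, req.data.decode())
    sample_token = {"access_token": "x", "token_type": "Bearer", "scope": "read:users"}
    print(missing_scopes(sample_token, ["read:surveys"], ["read:surveys"]))
```

Requesting only the scopes a job actually calls, rather than a broad one, keeps a leaked token's reach small.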
