Getting error "insufficient_scope" in API call | XM Community

We have set the scopes "manage:surveys" and "read:surveys" on our Client ID through the web interface. After this, we generated the Bearer Token from the API "https://iad1.qualtrics.com/oauth2/token" and used the generated token in the get-list-of-surveys API call "https://iad1.qualtrics.com/API/v3/surveys", but we are getting the error below:
       "httpStatus": "403 - Forbidden",
       "error": {
           "errorMessage": "insufficient_scope",
           "errorCode": "AUTH_13.0"
       }
We are getting the same error for all API calls related to surveys.

I have the same: authorised with client credentials and scope manage:all, I get an insufficient_scope error looking at surveys and tickets.


Guys, you should add a new variable 'scope' and fill it with one of the scopes (e.g. 'manage:all') from the list.
https://tools.ietf.org/html/rfc6749#section-3.3 - Auth scope section might help you on that.


Running into the same issues when trying to test the REST API here: https://api.qualtrics.com/guides/reference/users.json/paths/~1whoami/get
I've added the OAuth client (manage:all and client_credentials), but when I try to key in the bearer token (from the preceding https://ca1.qualtrics.com/oauth2/token POST), I get this error:
{
"meta": {
"httpStatus": "403 - Forbidden",
"error": {
"errorMessage": "insufficient_scope",
"errorCode": "AUTH_13.0"
},
}
}



Anyone been able to get this working successfully?


I ran into this same issue and contacted the Qualtrics API team about it. MRk was on the right track but I for one couldn't quite translate his ietf.org link into a solution for myself.
You need to include the desired scope when requesting the Bearer Token. (Make sure your account has the permissions for it on the Qualtrics side.) Here is my example code in Python that is now working correctly without producing the 403 - Forbidden error:
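    import requests
    # DATACENTER_ID, CLIENT_ID and CLIENT_SECRET hold your own account values.
    base_url = "https://{0}.qualtrics.com/oauth2/token".format(DATACENTER_ID)
    # The requested scope goes in the token request body.
    data = { "grant_type": "client_credentials", "scope": "manage:users" }
    r = requests.post(base_url, auth=(CLIENT_ID, CLIENT_SECRET), data=data)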
If you need to define multiple scopes, the support tech said to separate them with spaces. E.g. data = { "grant_type": "client_credentials", "scope": "read:users read:activity_logs read:directory_contacts" }
I asked the Qualtrics API team to update their API documentation to clarify this point because they make no mention of it currently.
I hope this helps someone.


racod thank you, this was extremely helpful to me!


I was trying to work through the "WhoAmI" example under QuickStart and was getting the same error. The solution from racod with respect to adding a scope when requesting the bearer token fixed it for me.
For anyone else trying to follow the Quickstart, I added the "grant_type" and "scope" as body keys under "x-www-form-urlencoded" in Postman.


For someone who uses Postman and sets Content-Type to application/x-www-form-urlencoded, the correct body is:
grant_type=client_credentials&scope=manage:users
and send it as raw text.


Just in case the above solution doesn’t work for you:

Make sure that you have no carriage return in the body string “grant_type=client_credentials&scope=manage:all”.

I was getting repeated errors, and when I looked at the log, I suddenly noticed that I had a line break before scope:

"body": "grant_type=client_credentials&\nscope=manage:all",

When I removed that line break like this, it finally worked:

"body": "grant_type=client_credentials&scope=manage:all",
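
An added example, not part of any post in this thread: a stdlib-only Python check covering the points raised above (scope sent in the token request, multiple scopes separated by spaces, no line break in the body). It assumes the token response may carry a "scope" field as described in RFC 6749 section 5.1; the function names and sample values are constructed for illustration.

```python
# Added example, not the thread's code. Runs offline; all sample values are constructed.
from urllib.parse import urlencode, parse_qs


def build_token_body(scopes):
    """Form-encode a client_credentials request; scopes are joined with spaces."""
    return urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})


def lint_raw_body(body):
    """Return the problems found in a hand-typed x-www-form-urlencoded body."""
    problems = []
    if "\n" in body or "\r" in body:
        problems.append("line break in body")
    fields = parse_qs(body, keep_blank_values=True)
    if fields.get("grant_type") != ["client_credentials"]:
        problems.append("grant_type missing or wrong")
    # A line break before "scope" turns the key into "\nscope", so the
    # server never sees a parameter named "scope".
    if not any(s.strip() for s in fields.get("scope", [])):
        problems.append("scope missing")
    return problems


def missing_scopes(requested, token_response, required):
    """Scopes an API call needs that the issued token does not carry.

    Assumption (RFC 6749 5.1): the response may omit "scope" when the
    granted scope equals the requested one.
    """
    granted = token_response.get("scope", " ".join(requested)).split()
    return sorted(set(required) - set(granted))


if __name__ == "__main__":
    good = build_token_body(["read:users", "read:activity_logs"])
    print(good, lint_raw_body(good))
    # The body from the last post, with the stray line break before scope.
    print(lint_raw_body("grant_type=client_credentials&\nscope=manage:all"))
    # Constructed token response: granted manage:users, call needs read:surveys.
    reply = {"access_token": "constructed-token", "scope": "manage:users"}
    print(missing_scopes(["manage:users"], reply, ["read:surveys"]))
```

Running `missing_scopes` before the first API call shows which scope is absent without waiting for the 403.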

