Scope for List Surveys API | XM Community

Cross-posting this because original post is in the wrong place.

 

I’m writing functions to list surveys and get the description for a specific survey. I’m struggling to determine the minimal necessary scopes for the OAuth client I have created for this purpose.

The scope required for the List Surveys API is not documented. I’ve tried setting read:surveys and manage:surveys in the OAuth client, but when accessing the List Surveys endpoint requesting the read:surveys scope, I get a 403 - insufficient scope error.

If I add the manage:all scope to the OAuth client, but don’t change my request (still requesting read:surveys scope), it works. Why does the request fail when read:surveys is in the client scope, when that is exactly the scope I’m requesting? And why does it work when the client has the manage:all scope?

What is the required scope for List Surveys and the other /surveys endpoints? 

UPDATE:

Tried again today with a new OAuth client that has the manage:all scope and nothing else. It worked...for a while. Then I started getting ‘client not authorized for requested scope’ errors again. From session to session, the error is not always thrown for the same endpoint. Yesterday it was List Surveys and today it is Start Response Export, and at times, even Whoami. Nothing had changed in my code that would affect the API requests.

Could this error be caused by rate limiting?

FWIW, I’m using the httr2 package in R to access the API and use tryCatch() to handle the httr2_oauth_unauthorized_client condition, which is signaled by httr2::req_perform(). In order to see the actual status code and error message, I had to step through the httr2 code to see the response before the condition is signaled. The status code is 400, not 403, as I stated in the original post.

