Simple API Example (insufficient_scope)



  • Official comment
    Daniel Myers

    Thanks for the feedback Shaun McPeck - going to forward this over to engineering and see if they agree with the changes and can update the docs!


    Comment actions Permalink
  • Avatar
    Shaun McPeck


    The winning code for the token request was:

    auth_url = ""
    body = {
    'client_id': client_id,
    'client_secret': client_secret,
    'grant_type': 'client_credentials'

    response =, data=body)

    Documentation has all variables in the queryString AND the POST body. This is confusing and superfluous. It seems that the scopes MUST be in the queryString, but other variables are just fine in the request body.

    An update to the documentation would be a great help here so we know what is actually consumed from each location. There's no need to be passing everything in both places, it is messy.

    Also, passing back what seems to be a scope-less token isn't very helpful. Maybe an error message there instead?


    Comment actions Permalink
  • Avatar
    Andrew Dai

    Hi Shaun,

    Glad you found a working combination. An alternative fix is to change the '+' to a ' ' (space) delimiter in the scope request. This is more standard, and will work correctly. We'll update the documentation here, as well as see if we can make the repeat in query and body more concise. We've had some issues with how Postman works vs cURL in the past, but we'll check to see if we can just stick with one or the other.

    Comment actions Permalink

Please sign in to leave a comment.