Simple API Example (insufficient_scope)
I'm trying to get things off the ground with the API and am having some scoping issues that don't make any sense.
I get my token just fine. I'm using the default scopes in my token request, which include:
structures.view+structures.edit
Afterward, a simple GET to the /structures endpoint gives me a 403 response with the message "insufficient_scope." Can't make heads or tails of this based on the documentation.
Here's a screenshot of my Jupyter Notebook that I'm playing around with:
-
Official comment
Thanks for the feedback Shaun McPeck - going to forward this over to engineering and see if they agree with the changes and can update the docs!
Cheers,
Dan
-
Fixed!
The winning code for the token request was:
auth_url = "https://api.flair.co/oauth2/token?scope=thermostats.view+structures.view+structures.edit"
body = {
    'client_id': client_id,
    'client_secret': client_secret,
    'grant_type': 'client_credentials'
}
response = requests.post(auth_url, data=body)
Documentation has all variables in the queryString AND the POST body. This is confusing and superfluous. It seems that the scopes MUST be in the queryString, but other variables are just fine in the request body.
An update to the documentation would be a great help here so we know what is actually consumed from each location. There's no need to be passing everything in both places, it is messy.
Also, passing back what seems to be a scope-less token isn't very helpful. Maybe an error message there instead?
-
Hi Shaun,
Glad you found a working combination. An alternative fix is to change the '+' to a ' ' (space) delimiter in the scope request. This is more standard, and will work correctly. We'll update the documentation here, as well as see if we can make the repeat in query and body more concise. We've had some issues with how Postman works vs cURL in the past, but we'll check to see if we can just stick with one or the other.
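The encoding difference behind this thread, as an added example that is not part of the original posts or Flair's code: a literal '+' in a URL query string form-decodes to a space, while the same '+' in a dict passed as `data=` is percent-encoded to `%2B` and reaches the server as one unknown scope name. It assumes the server uses a standard form decoder and splits scope on spaces (RFC 6749 section 3.3); the helper names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Scopes the /structures call needs (taken from the thread).
REQUIRED = {"structures.view", "structures.edit"}


def scopes_seen_by_server(encoded):
    """Form-decode a query string or POST body and split scope on spaces.

    Assumption: the server uses a standard decoder and treats scope as a
    space-delimited list (RFC 6749 section 3.3).
    """
    value = parse_qs(encoded).get("scope", [""])[0]
    return set(value.split())


def body_on_wire(scope_value):
    """Encode a dict the way requests.post(url, data={...}) does."""
    return urlencode({"grant_type": "client_credentials", "scope": scope_value})


def missing_scopes(encoded):
    """Required scopes the server would not find in this request."""
    return REQUIRED - scopes_seen_by_server(encoded)


if __name__ == "__main__":
    # Constructed inputs; no network traffic is sent.
    cases = {
        "body, '+' delimiter": body_on_wire("structures.view+structures.edit"),
        "body, ' ' delimiter": body_on_wire("structures.view structures.edit"),
        "query, literal '+'": urlsplit(
            "https://api.flair.co/oauth2/token"
            "?scope=thermostats.view+structures.view+structures.edit"
        ).query,
    }
    for label, encoded in cases.items():
        print(f"{label:22} {encoded}")
        print(f"{'':22} seen={sorted(scopes_seen_by_server(encoded))} "
              f"missing={sorted(missing_scopes(encoded))}")
```

Running `missing_scopes` against the exact string a client is about to send is a quick pre-flight check before a 403 surfaces on the resource endpoint.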