API V2 "invalid_scope" error
Multiple attempts at setting the "scope" param (contactsview, eventsview, contacts, etc) all return the same error:
{"error":"invalidscope","errordescription":"Scope 'eventsview\n' is not available for current client.","erroruri":null}
My client was created with "read only" access. Shouldn't this work?
Eric
shared this idea
The reason was a new line character in scope value.
-
Latest version of oAuth service is able to autodetect maximum allowed scope. Set scope=auto andcheck 'permissions' value in response to detect actualy available scope.
-
Eric thank you for taking the time to post a follow up here. We will pass this on to our team to see what we can do.
-
Eric
commented
FWIW, I figured out the problem. The indication in the error should have been a tip: "Scope 'events_view\n' is not available for current client". The newline was being sent at the end of the POST data, causing the error.
Interestingly, the API was quite happy with a "grant_type=client_credentials\n" in the POST, but not with the trailing newline in "scope=events_view\n". This made it extra-hard to discover.
-
Eric
commented
Note also that I'm using the "APIKEY:api-key" form of authorization, as described in the docs at http://help.wildapricot.com/display/DOC/API+V2+authentication
So not using the "client secret", because this is a "Server application" (selected when creating the key).
