08-13-2024 11:44 PM
Hi I got 403 when calling SCIM Users API. below is my setting:
The granted user is a full_admin role.
The application(integration) granted all possible scopes.
The response is
> curl -v -H "Authorization: Bearer $token" "https://webexapis.com/identity/scim/2c995b9c-774e-4105-830c-1d3ef790cd/v2/Users" | jq .
{
"message": "The server understood the request, but refused to fulfill it because the access token is missing required scopes or the user is missing required roles or licenses.",
"errors": [
{
"description": "The server understood the request, but refused to fulfill it because the access token is missing required scopes or the user is missing required roles or licenses."
}
],
"trackingId": "ROUTERGW_78b53e80-b4db-44dc-b0a9-4f45f4b3c5fc"
}
Is there any configuration or license I need to assign to make the SCIM enable? Thanks.
Solved! Go to Solution.
08-14-2024 05:50 AM
@mikechiu1012 the scopes needed for listing users with the SCIM API are mentioned here https://developer.webex.com/docs/api/v1/scim2-user/search-users . If you think your access token has all the right scopes and the user has all access rights, please open a support ticket here https://developer.webex.com/support and we will look into it.
02-11-2025 03:58 AM
@rachelro the SCIM API https://developer.webex.com/docs/scim-2-overview uses the same tokens as the rest of the REST APIs. Not sure why that 403 appeared to be honest, difficult to tell without logs. If you have the requests and tracking IDs you can open a support case https://developer.webex.com/support and our team can look into it, or check with engineering.
02-11-2025 04:00 AM
OK, @Janos Benyovszki Thank you very much!
02-11-2025 03:36 AM
@rachelro deactivating your account might invalidate the access token. I can imagine that you had an old access token that was not working, but then with the reactivation and the generation of the new token, your access rights got applied to the token properly, so it started working.
02-11-2025 03:44 AM
@Janos Benyovszki My token was not old, yesterday I created a new one several times and every time I tried it still didn't work and I got a 403 error, only today it did work for me after I made it deactivating.
so I wanted to understand if there is a connection?
Or if there is some special process in creating a token that will be used for the SCIM API ?
02-11-2025 02:27 AM
@rachelro if your token works from Postman, but not from your app, then it would mean that you are not using the same token in both places. Check for any hardcoded tokens in your code, it might be the cause of the issue. If the same token works from Postman, it should work from your app as well.
02-11-2025 02:48 AM
Hi @Janos Benyovszki,
I noticed that I used the same token in Postman and my app, and after I changed my user status from active to inactive and back to active, I created a new token and then the API did succeed.
could it be related? I made Inactive and then returned to Active?
Thanks!
08-14-2024 05:50 AM
@mikechiu1012 the scopes needed for listing users with the SCIM API are mentioned here https://developer.webex.com/docs/api/v1/scim2-user/search-users . If you think your access token has all the right scopes and the user has all access rights, please open a support ticket here https://developer.webex.com/support and we will look into it.
02-11-2025 12:18 AM
Hi @Janos Benyovszki,
Is there a solution to the problem that @mikechiu1012 presented?
I am also encountering the same problem and my token has all the necessary roles and permissions and the licenses
and more than, that in the test in Postman the API works but does not work in the service I created with the same details one by one.
Thanks in advance!
08-14-2024 07:02 PM
Hi @Janos Benyovszki , thanks for your response. Ok I will open a support ticket. Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide