User Unauthorized to perform action - 403

nw5 · March 10, 2021, 3:27pm

Hello,
I am trying to perform the following action and getting an error or status code 403 “user unauthorized to perform action”.

Action:
mutation {

                create_item (board_id: 344121329, group_id: new_group63732, item_name: "some name", column_values : "{\"person\" : {\"personsAndTeams\" : [{\"id\" : 11471200, \"kind\" : \"person\"}]}, \"contact_method\" : {\"ids\" : [1]}, \"phone\" : {\"phone\" : \"\", \"countryShortName\" : \"US\"}, \"email\" : {\"email\" : \"[test@test.com](mailto:test@test.com)\", \"text\" : \"[test@test.com](mailto:test@test.com)\"}, \"text01\" :  \"test\", \"status\" : {\"index\" : 1}}" ) {id}}

Response:
{
“error_code”: “UserUnauthroizedException”,
“status_code”: 403,
“error_message”: “User unauthorized to perform action”,
“error_data”: {}
}

I have verified token and queries working with no issues.

Any help is greatly appreciated.

mitchell.hudson · November 4, 2020, 12:57am

Hi @nw5 Welcome to the community!

Have you generated this token using oAuth2? It looks like you haven’t added the boards:write scope.

If you enable this and then regenerate the token, it should let you create the item.

nw5 · November 4, 2020, 1:24am

Hi @mitchell.hudson

No I have been using the API v2 token.

Where would I enable the boards:write scope and regenerate an oAuth2 token?

Thanks

dsilva · November 4, 2020, 9:24pm

Hey @nw5 - if you navigate to your application from the ‘Developers’ section, you can click on the ‘Features’ section and add the boards:write scope.

-Daniel

nw5 · November 4, 2020, 9:47pm

Hey @dsilva

I am not using an application. I am adding items to my boards from forms on a webpage. Everthing was working properly until about a week ago. Now getting the error above when running the mutation code.

Any thoughts?

Thanks

dsilva · November 5, 2020, 10:26pm

Hey @nw5,

Is this your API key that is being used? If so - could you please confirm that you still have access to the board if you try to access it through the website?

We usually see this error if a user has recently made a change to the board (like making it private).

-Daniel

nw5 · November 5, 2020, 11:01pm

Hi @dsilva

Yes the API key is being used.

Yes I can view the board on the website. I am trying the mutation command inside the API playground as well and getting the same error.

I don’t see any changes to the board or table so I am confused why I am now getting the user unauthorized error.

Thanks

dsilva · November 5, 2020, 11:39pm

Hey @nw5 - apologies for the followup question here. Is it your own API key being used here? If so - could you check if you also still have permission to write to the board? You can test this by trying to add a test item to the board on the interface.

-Daniel

Carlos-i · January 12, 2021, 6:00pm

Hi everyone

I have the same problem, It is my own API key, I have permission to write to the board and I already add an item through the interface.

Carlos

Helen · March 10, 2021, 3:27pm

Hi all! To confirm: Viewers will not be able to utilize the GraphQL API. I commonly see this error popping up for these types of users.

For Guests users if they were able to grab their API key (say they used to be an admin user, then was changed to a Guest), this should work for them.

Helen · March 15, 2021, 3:53pm