User Unauthorized to perform action - 403

Hello,
I am trying to perform the following action and getting an error or status code 403 “user unauthorized to perform action”.

Action:
mutation {

                create_item (board_id: 344121329, group_id: new_group63732, item_name: "some name", column_values : "{\"person\" : {\"personsAndTeams\" : [{\"id\" : 11471200, \"kind\" : \"person\"}]}, \"contact_method\" : {\"ids\" : [1]}, \"phone\" : {\"phone\" : \"\", \"countryShortName\" : \"US\"}, \"email\" : {\"email\" : \"[test@test.com](mailto:test@test.com)\", \"text\" : \"[test@test.com](mailto:test@test.com)\"}, \"text01\" :  \"test\", \"status\" : {\"index\" : 1}}" ) {id}}

Response:
{
“error_code”: “UserUnauthroizedException”,
“status_code”: 403,
“error_message”: “User unauthorized to perform action”,
“error_data”: {}
}

I have verified token and queries working with no issues.

Any help is greatly appreciated.

Hi @nw5 Welcome to the community!

Have you generated this token using oAuth2? It looks like you haven’t added the boards:write scope.

If you enable this and then regenerate the token, it should let you create the item.

Hi @mitchell.hudson

No I have been using the API v2 token.

Where would I enable the boards:write scope and regenerate an oAuth2 token?

Thanks

Hey @nw5 - if you navigate to your application from the ‘Developers’ section, you can click on the ‘Features’ section and add the boards:write scope.

-Daniel

Hey @dsilva

I am not using an application. I am adding items to my boards from forms on a webpage. Everthing was working properly until about a week ago. Now getting the error above when running the mutation code.

Any thoughts?

Thanks

Hey @nw5,

Is this your API key that is being used? If so - could you please confirm that you still have access to the board if you try to access it through the website?

We usually see this error if a user has recently made a change to the board (like making it private).

-Daniel

Hi @dsilva

Yes the API key is being used.

Yes I can view the board on the website. I am trying the mutation command inside the API playground as well and getting the same error.

I don’t see any changes to the board or table so I am confused why I am now getting the user unauthorized error.

Thanks

Hey @nw5 - apologies for the followup question here. Is it your own API key being used here? If so - could you check if you also still have permission to write to the board? You can test this by trying to add a test item to the board on the interface.

-Daniel

Hi everyone

I have the same problem, It is my own API key, I have permission to write to the board and I already add an item through the interface.

Carlos

Hi all! To confirm: Viewers will not be able to utilize the GraphQL API. I commonly see this error popping up for these types of users.

For Guests users if they were able to grab their API key (say they used to be an admin user, then was changed to a Guest), this should work for them.