User Unauthorized to perform action - 403

monday Apps & Developers
#1

Hello,
I am trying to perform the following action and getting an error or status code 403 “user unauthorized to perform action”.

Action:
mutation {

                create_item (board_id: 344121329, group_id: new_group63732, item_name: "some name", column_values : "{\"person\" : {\"personsAndTeams\" : [{\"id\" : 11471200, \"kind\" : \"person\"}]}, \"contact_method\" : {\"ids\" : [1]}, \"phone\" : {\"phone\" : \"\", \"countryShortName\" : \"US\"}, \"email\" : {\"email\" : \"[test@test.com](mailto:test@test.com)\", \"text\" : \"[test@test.com](mailto:test@test.com)\"}, \"text01\" :  \"test\", \"status\" : {\"index\" : 1}}" ) {id}}

Response:
{
“error_code”: “UserUnauthroizedException”,
“status_code”: 403,
“error_message”: “User unauthorized to perform action”,
“error_data”: {}
}

I have verified token and queries working with no issues.

Any help is greatly appreciated.

#2

Hi @nw5 Welcome to the community!

Have you generated this token using oAuth2? It looks like you haven’t added the boards:write scope.

Screen Shot 2020-11-04 at 11.56.25 am
Screen Shot 2020-11-04 at 11.56.25 am1442×130 5.49 KB

If you enable this and then regenerate the token, it should let you create the item.

#3

Hi @mitchell.hudson

No I have been using the API v2 token.

Where would I enable the boards:write scope and regenerate an oAuth2 token?

Thanks

#4

Hey @nw5 - if you navigate to your application from the ‘Developers’ section, you can click on the ‘Features’ section and add the boards:write scope.

-Daniel

#5

Hey @dsilva

I am not using an application. I am adding items to my boards from forms on a webpage. Everthing was working properly until about a week ago. Now getting the error above when running the mutation code.

Any thoughts?

Thanks

#6

Hey @nw5,

Is this your API key that is being used? If so - could you please confirm that you still have access to the board if you try to access it through the website?

We usually see this error if a user has recently made a change to the board (like making it private).

-Daniel

#7

Hi @dsilva

Yes the API key is being used.

Yes I can view the board on the website. I am trying the mutation command inside the API playground as well and getting the same error.

I don’t see any changes to the board or table so I am confused why I am now getting the user unauthorized error.

Thanks

#8

Hey @nw5 - apologies for the followup question here. Is it your own API key being used here? If so - could you check if you also still have permission to write to the board? You can test this by trying to add a test item to the board on the interface.

-Daniel