403 on Account Disable Via OAuth Client (Client Credentials flow)

I have created a client with the right scope - idn:accounts-state:manage needed by the disable account API. But receiving 403 on accessing the endpoint. Am I missing anything here?

Hi @imagavis ,

Can you / did you test the same API endpoint by using a PAT with the same scope idn:accounts-state:manage ?

I have seen that the documentation mentions that both credential types, PAT and OAuth client are supported. However, in practice, many endpoints do not support OAuth clients.

Therefore, it is generally recommended to use a PAT associated with a dedicated technical identity.

Please use PAT as this endpoint requires User’s Context

Hi Sivagami,

I think you may be using the wrong token type for this use case. It looks like you are using an OAuth client from Admin > Security Settings > API Management > Create API Client. That uses the client credentials flow, so it does not run with a real user context.

For disabling an account, I would suggest testing with a Personal Access Token instead. Create it from your avatar/profile menu under Preferences > Personal Access Tokens, and include idn:accounts-state:manage. If you are only testing quickly, sp:scopes:all can confirm whether it is a scope/context issue.

So my suggestion is:

  1. Create a PAT from a user who has permission to manage accounts.
  2. Generate the bearer token using that PAT.
  3. Retry the disable account API with the same account ID.