Assistance Needed with Access Token Generation for API Calls

Hi ,
We are currently developing a Ruby script that performs various API calls, including retrieving the identity list, creating and updating sources, and updating schemas, and others. However, we’ve encountered an issue with access token generation across these scenarios.

Although we have generated a Personal Access Token (PAT) with the scope set to sp:scopes:all, we are still experiencing 403 Forbidden errors for several API calls. Given that different API calls require different scopes, we are seeking your guidance on how to generate an access token that would work seamlessly for all the API calls we need to perform.

Any insights or suggestions you could provide would be greatly appreciated.

Thanks,
Divya

Hi @Divya_Sri_123 ,
Couple of things to make sure,

  1. User level permissions with which the PAT is created.
  2. If ‘sp:scopes:all’ is not feasible or returns limited access,break down the token generation process and specify individual scopes needed for the different types of API calls, such as below, and test it to see if that works.
    Screenshot 2024-10-15 at 1.51.12 PM

Hope this helps narrow down the issue!

Hi Divya,

For the Identity you have used to generate token, please ensure that it have the right Privilege inside SailPoint. (For eg: the identity have Role Admin, Admin, Source Admin privilege added as per requirement based on requirement)
Please assign this permission inside the identity and check again.

Hi,

Can you specify what API’s are not working?

By default all V3 and Beta API’s should work for “SP:SCOPES:ALL”.

-Abhinov

Hi @Abhinov7
We are using v2024 api end points.

Thanks
Divya

Hi,

I tried some endpoints in V2024 with sp:scopes:all.

Can you specify which one not working exactly? Also if possible regenerate the PAT again. It will solve the issue.

-Abhinov