Insufficent scope when trying to make a call using As-User header

SOLVED
Go to solution
Highlighted
New Contributor

Insufficent scope when trying to make a call using As-User header

When I try to list a folder on behalf of another user I get the error message.

Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."

My scopes: root_readwrite,manage_managed_users,gcm

I test it with an account not connected to the account which have created the application, with a co-admin role. Of course I have as-user option activated on the application. Do I need to add another scope?

 

Alternatively, how to list root folders of all users belonging to an organization?

3 REPLIES 3
Highlighted
Box Employee

Re: Insufficent scope when trying to make a call using As-User header

Hello @tszatkowski1

 

A few possibilities I can think of: 

  • If this is a JWT app, did you reauthorize it in the admin console after enabling the as-user header? 
  • Did you obtain a new token pair after enabling the as-user header? 
  • Are you using a primary admin or co-admin token with high enough privileges to make the call? 
Highlighted
New Contributor

Re: Insufficent scope when trying to make a call using As-User header

  • It's not JWT.
  • Yes, many times.
  • I made sure that I use a co-admin account with "Log in to users' accounts" permission.
Highlighted
New Contributor

Re: Insufficent scope when trying to make a call using As-User header

The scope required for As-User calls is `admin_on_behalf_of`