Error: permission_denied
The token is valid but does not have the scope required for this operation.
permission_denied
permission_deniedHTTP status: 403
Your token is valid, but it doesn't have the scope required for this operation.
Why this happens
- The token was created with a restricted scope set (e.g.,
prequalifyonly) and you are calling an endpoint outside that set. - You are using a read-only token on a mutating endpoint.
- The operation requires a higher-privilege token than the one in use.
What to do
- Check the
detailfield — it names the specific scope that was missing. - Generate a new token with the required scope:
- Go to dashboard.isaapi.com
- API Keys → New token
- Select the required scopes and save
- Update your deployment environment with the new token.
- If you believe your token should have this scope and it does not, contact [email protected].
Example response
{
"type": "https://zyins.isaapi.com/errors/permission-denied",
"title": "Permission denied",
"status": 403,
"detail": "This token does not have the 'quote' scope. Generate a new token with the required scope from the Dashboard.",
"code": "permission_denied",
"advice_code": "generate_scoped_token",
"param": null,
"request_id": "req_01HZK2N5GQR9T8X4B6FJW3Y1AS"
}SDK exceptions
| Language | Exception class |
|---|---|
| TypeScript | IsaPermissionDeniedError |
| Python | IsaPermissionDeniedError |
| Go | *zyins.PermissionDeniedError |
| PHP | Isa\Sdk\Zyins\Exception\IsaPermissionDeniedException |
| C# | IsaPermissionDeniedException |
See also
Updated about 10 hours ago