Getting error: Insufficient scope

I’m trying to connect my app to the Amazon Advertising API using an API Connector. It uses OAuth2 User-Agent flow (I think - I’m not 100% on APIs. The API gives an auth token and a refresh token, auth token expires after 1 hour. User-Agent seems the best fit for what I have to send). It says “You haven’t tested this API in run mode and authenticated with AmAdAPI yet. You need to do this first to setup calls and to test the URLs and keys.”. So I’ve created a workflow and connected using Signup/login with API (which is hidden as login with Social Media), and it successfully takes me to login with Amazon.

Then it takes me back to my app page and gives me the following error:

raw error:{“error_description”:“The access token provided does not have required scope”,“error:”“insufficient scope”}

I’ve also noticed that the URL has “scope=cpc_advertising%3Acampaign_management” in it twice when it gives me this error, after logging in with Amazon. It doesn’t have anything else relevant in the URL, and it doesn’t take me as far as granting access to the app to access my Amazon Advertising account, either.

I have previously connected successfully to the API using Postman, and have also been able to get Auth/Refresh tokens using APIs with none or self-handled authorization and storing the tokens in the User as text, but I feel that this is inherently insecure, and I also haven’t found the right way to automatically put the auth token into the header for subsequent post/get requests.

My setup is right here:

And the documentation for Amazon Advertising API is here: Amazon Advertising Advanced Tools Center

1 Like

The token you’re using doesn’t have the permission for what you’re calling for.

But I’m not using a token - I’m trying to get a token. And these are exactly the same things as I have used to get an auth token using a) Postman and b) doing it all manually in Bubble and storing the result in User.