Insufficient Scope Error

I started seeing this today, while everything was working fine about 2 weeks back.

I’m receiving the below error when trying to run a query using API Explorer.

  "errors": [
      "code": "INSUFFICIENT_SCOPES",
      "detail": "The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: [ORDERS_READ]",
      "category": "AUTHENTICATION_ERROR"

Can you share your application id? What endpoint are you hitting when you receive this error?

App Id: sq0idp-LXyFOXjv_dK-4GfvXPdVQQ

Orders - Batch Retrieve

And when I try to access using the API through my code, I’m able to access the Payments, when I try to read the Order using BatchRetrieve Request, I get a message, “Waiting for activation”

I’m not seeing any order endpoints being hit with that application id. I only see ListPayments being called and a very small amount of ListEmployees. Is it through a different application?

Oops. I don’t think so. I’m calling the ListPayments from the same program and App Id.

I’m still not seeing any, hmmm. Is this for a specific location_id or merchant_id? I can try searching for one of those instead.

I think we just have one Location Id and Merchant Id. Silly question but how can I know if we have any other Merchant Id?


  • Is there anything I can try that would help debug this problem? We have to get all our payments into our main system by 12/28/2020. I’m running out of time!

  • I updated the API Version recently. but that was also in attempt to solve this issue. Stating here in case that helps

  • Im using to make the API requests. I updated the library today.

  • This is the exception Im getting ApiException: HTTP Response Not OK

Apologies for the confusion here, I didn’t realize these errors do not log the application id. I was able to find it using your location id tied to your application. So, looking your access tokens up, I see you’ve created several, I’m guessing through OAuth. Several of them only have PAYMENTS_READ permission, so this error is accurate: you need ORDERS_READ permission. If you are using OAuth, you need to be sure to include all of the scopes in the OAuth authorization URL.

No problem. I apologize for getting a little impatient as well.

I just refreshed a token using API Explorer adding Payments_read and Orders_Read scopes. But Im still getting the same error.

That will not work, you cannot add scopes via the API. You must go through the OAuth authorization url again. Refreshing the token will generate a new token with the same permissions. If you passed the scopes parameter, that’s only for reducing the scopes, not adding new scopes.

1 Like

That was it! Thank you so much Stephen! I really appreciate your help.

1 Like