INSUFFICIENT_SCOPES driving me crazy (in sandbox)

I am able to visit the auth url, which passes the scope in it and redirect back and then obtain the auth token. It is able to get the locations from api, but then when I go to submit an order/payment it just only gives me errors about Insufficient scope

[0] => Square\Models\Error Object
        (
            [category:Square\Models\Error:private] => AUTHENTICATION_ERROR
            [code:Square\Models\Error:private] => INSUFFICIENT_SCOPES
            [detail:Square\Models\Error:private] => The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: [PAYMENTS_WRITE]
            [field:Square\Models\Error:private] => 
        )

in the auth url I’m passing the scope as a + symbol separated list

$square_permissions = urlencode("MERCHANT_PROFILE_READ ITEMS_READ ITEMS_WRITE PAYMENTS_READ PAYMENTS_WRITE INVENTORY_WRITE INVENTORY_READ ORDERS_WRITE CUSTOMERS_READ CUSTOMERS_WRITE GIFTCARDS_READ GIFTCARDS_WRITE");

I have tried also to set the scope when obtaining the token but that didn’t help either.

This is using the latest api version 2022-11-16

Application ID sandbox-sq0idb-cJoWNIMoZGYLVF8Y5nprgQ

Merchant ID 4501ZFC24FBG2

Status API Path Date
403 Payments POST /v2/payments 2022-12-01 15:08:59 GMT-5
403 Catalog POST /v2/catalog/search 2022-12-01 15:08:58 GMT-5
403 Cards POST /v2/cards 2022-12-01 15:08:57 GMT-5
403 Catalog POST /v2/catalog/search 2022-12-01 15:08:57 GMT-5
200 Locations GET /v2/locations 2022-12-01 14:58:53 GMT-5
200 OAuth POST /oauth2/token 2022-12-01 14:58:53 GMT-5

deleting this post as I just realized after much wasted time that it wasn’t properly passing in the scope in the auth url, it was empty. ugh.

Glad to hear you figured it out. Was just going to ask for the URL. lol :slightly_smiling_face: