Khoros Global Support Home Start a conversation Sign in
Start a conversation
  1. Khoros Aurora
  2. Troubleshooting
  3. How-To Articles

Resolving "403 - You are not authorized" Error in Khoros Community API Access

Overview

The error "403 - You are not authorized" occurs when attempting to export analytics data using an OAuth 2.0 Client Credentials (cc_hash) access token in a private Khoros community. This issue arises because the token operates in an anonymous context, which is insufficient for accessing protected resources. The problem is resolved by configuring the API app as a "Bulk Data API" app with the Analytics role or using a user-scoped OAuth token. This issue typically occurs when the API app lacks the necessary permissions for the Bulk Data API.

Information

Error Message: "403 - You are not authorized"

Cause: The error occurs when using an OAuth 2.0 Client Credentials (cc_hash) access token in an anonymous context, which lacks the necessary permissions to access protected resources in a private Khoros community.

Resolution Steps

  1. Verify API App Configuration:
    • Ensure your API app is created as a "Bulk Data API" app with the Analytics role.
    • Navigate to Account > Dev Tools > Create App in your community admin UI.
  2. Generate Access Token:
    • Use the OAuth 2.0 Client Credentials grant flow with the shared key from the app to generate your access token.
    • POST to https://<your_community_domain>/t5/s/api/2.1/auth/accessToken.
  3. Submit Export Calls: 
    curl --location 'https://<your_community_domain>/t5/s/api/2.1/analytics/bulk/export?bda.fromDate=YYYY-MM-DD&bda.toDate=YYYY-MM-DD' --header 'Authorization: Bearer [ACCESS_TOKEN]' --header 'Accept: application/json'
    • Ensure the app has the Analytics role; a 403 error indicates a lack of required permissions.
  4. Alternative for Protected API Access:
    • Use the OAuth 2.0 Authorization Grant flow to obtain a user-scoped token for accessing protected API v2.1 endpoints.
    • Ensure the user account has the appropriate Analytics permissions.

Important: Use only API v2.1 endpoints for Aurora communities, as API v2.0 is not supported and may cause errors.

Verification:

  • Confirm that the API app is correctly configured and that the access token is generated with the appropriate permissions.
  • Test the export call to ensure no authorization errors occur.

Note: If issues persist, verify the app type and permissions in Dev Tools, and ensure roles align with your use case.

Frequently Asked Questions

Q1: How do I know if this error applies to my situation?
A1: You'll see the "403 - You are not authorized" error when attempting to export analytics data using an OAuth 2.0 Client Credentials access token in a private Khoros community.

Q2: What should I do if I continue to receive a 403 error?
A2: Ensure your API app is configured as a "Bulk Data API" app with the Analytics role. If the error persists, verify the app's permissions and roles in Dev Tools.

Q3: Can I use API v2.0 endpoints in Aurora communities?
A3: No, use only API v2.1 endpoints for Aurora communities, as API v2.0 is not supported and may result in errors.

Q4:What if I need to access protected resources in a private community?
A4: Use a user-scoped OAuth token obtained through the OAuth 2.0 Authorization Grant flow, ensuring the user has the necessary permissions.
Choose files or drag and drop files
ai_initiated
atlas_studio
kb_automation
Was this article helpful?
Yes
No

  1. Ciprian Nastase

  2. Posted

Comments