Hi team —

I’m trying to set up a fresh Frame.io API integration using Adobe IMS OAuth and I’m consistently getting blocked at the API layer even though the OAuth flow itself is working.

What’s working

• Created a fresh Adobe Developer Console project

• Added the Frame.io API

• Configured OAuth Web App credentials

• Used Authorization Code flow (not server-to-server)

• Requested scopes:

• openid

• additional_info.roles

• offline_access

• profile

• email

• User successfully approves the app

• Token exchange succeeds

• Access + refresh tokens are issued successfully

What’s failing

All Frame.io API calls return 403 Forbidden, including:

• GET /v2/me

• GET /v4/me

• GET /v4/accounts

• GET /v4/teams

• GET /v2/teams

• GET /v4/assets

So this does not appear to be just a /me endpoint issue.

Additional notes

• This was tested with a brand new Adobe app/client

• Old local tokens/config were deleted before retrying

• The access token decodes correctly and includes:

• openid, additional_info.roles, offline_access, profile, email, AdobeID

• OAuth flow and token issuance are both successful

• The same token fails across both v2 and v4 API endpoints

Question

Does this indicate that my Frame.io user/workspace is not fully linked or entitled for API access on the backend, even if Adobe login appears to be working in the UI?

If so, what exact account/workspace state should I verify, or what needs to be enabled on your side?

Thanks — trying to determine whether this is still a configuration issue on my end, or whether the account linkage / API entitlement needs support intervention.

Hi @newvisions,

Sorry to hear you’re running into some trouble. Based on your description, it doesn’t sound like an issue with the token, especially if it is decoding correctly.

It sounds like you’ve already done this, but something that is always good to check is that you have successfully linked your Adobe and Frame.io accounts. Instructions on how to do so can be found here: Connecting to Adobe authentication | Frame.io V4 Knowledge Center

If that is showing up as successfully linked, the next thing I’d check is the headers. Feel free to send over an example of the requests you’re sending (header included), along with the full response body and I’ll be happy to take a look to troubleshoot further!

Thanks — yes, Adobe and Frame.ioappear to be linked successfully in the UI.

Here are the requests I’m sending:

GET https://api.frame.io/v4/me

Header: Authorization: Bearer <access_token>

GET https://api.frame.io/v4/accounts

Header: Authorization: Bearer <access_token>

Both return:

Status: 403 Forbidden

Response body:

403 Forbidden

Additional context:

• Fresh Adobe Developer Console project

• Frame.ioAPI added

• OAuth Web App configured

• Authorization Code flow succeeds

• Token exchange succeeds

• Access token decodes correctly

• Token scopes include: openid, additional_info.roles, offline_access, profile, email, AdobeID

At this point, does this pattern suggest a backend entitlement/workspace access issue rather than an OAuth/token issue?

hi @newvisions 403 means “unauthorized” or “forbidden” meaning you dont have access. Can you go here, click login, and then hit Send Request? https://next.developer.frame.io/platform/api-reference/accounts/index?explorer=true

Let us know what you learn as this will tell us whether it’s an account issue or some other issue.

Thanks — I dug further and found an important clue.

I tested the built-in API explorer.

I was able to log in successfully and GET /v4/accounts returned 200 with account data, including my account.

I also looked at the explorer’s generated request/code sample and confirmed that the token being used there belongs to a different client_id than my custom Adobe app.

So it appears the built-in explorer is authenticating through a first-party Frame client, while tokens issued to my own custom Adobe app still fail.

For my custom app:

• Adobe OAuth Authorization Code flow succeeds

• token exchange succeeds

• token decodes correctly

• scopes include:

openid, additional_info.roles, offline_access, profile, email, AdobeID

But requests like:

/v4/me

v4/accounts

still fail when using the token from my custom app.

Also, if OAuth app type matters here:

• should this be configured as OAuth Web App

• Native App

• or some other app type for Frame V4?

At this point the account itself appears to have API access (since the explorer works), but my custom client does not.

@newvisions the built in explorer uses the Adobe Developer Console project that we set up, we did it this way to ensure that people could test their integrations as well as help us troubleshoot issues as they come up (as in your case). It’s no different than how anyone else can set up their own credentials.

The fact that you can get a 200 request on the explorer means there’s some issue in how you’re authenticating or how you’re exchanging the auth token for an access token (since we’ve ruled out general API access).

Can you share the exact code or curl command you’re using to call the API? Specifically:

• How you’re doing the token exchange (the full request to the token endpoint, redact the secret)
• How you’re attaching the token to your API calls

You can DM me if you’d like if it’s sensitive info.

Also can you confirm these steps are taken correctly?

1. Confirm the Frame.io API specifically is added to your Adobe Developer Console project.

2. Credential check — Make sure you’re using the client_id and client_secret from your OAuth Web App credential specifically.

3. Authorization URL — Confirm you’re passing the correct client_id, redirect_uri, and response_type=code to the Adobe IMS authorize endpoint.

4. Redirect URI match — The redirect_uri in your auth request must exactly match what’s registered in the Developer Console, including trailing slashes.

5. Auth code capture — After approval, confirm you’re extracting the code parameter from the redirect correctly.

6. Token exchange — This is the most common failure point. Confirm you’re POSTing to the Adobe IMS token endpoint with: grant_type=authorization_code, the auth code, client_id, client_secret, and the same redirect_uri used in step 3.

7. Correct token — The token response returns both an access_token and an id_token. Make sure you’re using the access_token, not the id_token.

8. Header format — Confirm your Authorization header is exactly Authorization: Bearer <token> — capital B, single space, no extra whitespace or quotes around the token value.

9. Token freshness — Auth codes expire within minutes. If there’s any delay between getting the code and exchanging it, you may end up with a bad token.

10. API base URL — Confirm you’re hitting https://api.frame.io/v4/ exactly, not /v2

If you can share the code or curl commands for steps 3, 6, and your actual API call (redact the secret), that’ll help us spot where it’s breaking down.

Hi Charlie, how do I dm you? Not seeing an option on your profile

hi @newvisions it’s a timed thing (since you are a new user) just takes a few days to validate or a few posts. Should unlock soon-ish. Was implemented a while back since we had users getting spammed by bots

Gotcha, Ill keep an eye on that and flag you when I can dm you

Best,

Dylan Brannigan
New Visions Productions
(718) 612-6274
www.ournewvisions.com

@newvisions we just released our Auth SDK for python, can you try this to see if it fixes your issues?

Cool! Will try this later today or Friday when I have more ops time scheduled and report back