I have a V4 Frame.io account linked to Adobe ID A0672738699CE30D0A495E8C@AdobeID. I’ve set up an OAuth Web App in Adobe Developer Console with all required scopes including additional_info.roles, but my access tokens have no roles in the payload and all V4 API calls return 401. Do I need the Frame.io API entitlement enabled for my Adobe account?
Hi @wwhite56! If the API is returning a 401 for every call, that usually indicates an issue with scopes.
Here are all the scopes you should be including in your authorization request:
openid additional_info.roles offline_access profile email
If you’re missing any of these, that is likely the issue. If you already are using all of those scopes, let me know and I’ll be happy to continue troubleshooting!
Hello! I do have all of those scopes being returned with my authorization request but I think the issue might be that I am not getting a roles property in the payload as well. Something like "roles": ["frameio_api_access"]
hi @wwhite56 we do not require roles in the payload. All of the scopes that @rosiec provided (what are also included in the dev console project when you add the Frame.io API) are needed when initially authorizing to IMS and then your JWT will have all the needed permissions to make subsequent calls.
Can you provide the full response of the 401 error you are getting? Can you provide any more info about your setup as well? Thanks!
Sure!
The 401 statusText I am getting back is “Unauthorized” and the data is {“errors”:[{“title”:“Unauthorized”,“detail”:“Invalid or missing authorization token”}]}}.
For context I have made a Webhook on next.frame.io for the file.created and file.updated events, my project in the Adobe Developer Console only uses the Frame.io API for the Products and Services and it is an OAuth Web App. I have a script that I run to login to the Web Authorization to get my Access/Refresh Tokens that do return properly when I login with my Adobe Credentials. The scopes that are included in those tokens are "scope": "openid,profile,email,offline_access,additional_info.roles,AdobeID",
The API endpoints I am trying to use are GET /v4/accounts, GET /v4/accounts/{account_id}/workspaces, GET /v4/accounts/{account_id}/workspaces/{workspace_id}/projects, GET /v4/accounts/{account_id}/files/{file_id}?include=media_links.original, and GET /v4/accounts/{account_id}/folders/{folder_id}/children?include=media_links.original but I am getting 401s on trying to fetch the initial account information. Hopefully this helps, thanks!
hi @wwhite56 the scopes are specifically openid additional_info.roles offline_access profile email you need to only have those in your auth request. You are including AdobeID as well, which is not part of the scopes and thus giving you the Invalid or missing authorization token error.
That’s the thing, I am only using the openid additional_info.roles offline_access profile email scopes for my authorization token scope parameters. When the tokens are returned the AdobeID is returned with the rest.
My scope in the authorization URL looks like this scope=openid%2Cprofile%2Cemail%2Coffl
ine_access%2Cadditional_info.roles
hi @wwhite56 can you try with space delimited scopes instead of commas? would look like this: scope=openid%20profile%20email%20offline_access%20additional_info.roles
Still getting AdobeId with the rest of the scopes with the space delimited scopes
hi @wwhite56 yes that seems to be added on the Adobe side, but wouldn’t worry about it (I can confirm it’s added to my JWT on a successful call). Did the space delimited work for you?
Still getting 401’s unfortunatly with the space delimited scopes
hi @wwhite56 can you visit List accounts | Frame.io API Documentation hit login, and then send request and let me know what you get?
Hello, I receive a 200 response with an object that looks like:
"data": [
{
"id": "0aa82fc1-af09-4d18-b72c-cf32328962b1",
"image": null,
"updated_at": "2026-03-10T00:15:53.963923Z",
"display_name": "William's Account",
"storage_limit": 2000000000,
"roles": [
"owner"
],
"v4_migrated_at": null,
"mounted_storage_enabled": true,
"created_at": "2026-02-23T23:30:38.575351Z",
"storage_usage": 168147
}
],
"links": {
"next": null
}
Okay great, this means your account is working with the API and that there’s some sort of disconnect in the way you’re authenticating with your script. Can you post how your authentication script is coded? You can DM me if you prefer to keep it private.
hi @wwhite56 we just released our auth sdk for python. Can you try this to see if it resolves your issues?