V4 API returns 401 on all endpoints despite valid Adobe OAuth token and confirmed account linkage

Help
,
1

I’m making an Adobe app that uses the Frame API. I’m trying to use the V4, and I’ve followed all the setup steps, but all API calls return 401 “Unauthorized”. Yes, I’ve already gone through the other posts related to this issue, and none of them were able to resolve the issue.

What I’ve Already Tried:

  • Confirmed with Frame support that my Adobe ID is linked (they even refreshed the connection)

  • Disconnected Google sign-in from Adobe and switched to email/password authentication only

  • Tested multiple endpoints (V4 and V2)

  • Tested with and without the x-api-key header

  • Reviewed every single existing forum post about 401 errors - none of them resolved my issue

My Configuration:

  • Frame account is active with the correct email and admin privileges

  • Adobe ID: 17CC21E4694334910A495E55@AdobeID

  • These accounts have been confirmed connected by the support team

  • Frame shows “Manage on Adobe” in account settings as expected

  • Adobe Developer Console: Frame API added, OAuth Web App credential configured

The Problem: The OAuth flow completes successfully. Adobe IMS issues a valid JWT token. But when I call Frame:

GET https://api.frame.io/v4/me
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...
Response: 401 {"errors":[{"title":"Unauthorized","detail":"Invalid or missing authorization token"}]}

GET https://api.frame.io/v2/me  
Response: 401 {"detail":"You are not allowed to access that resource"}

Token Analysis:

My JWT token contains these scopes: openid, AdobeID, offline_access, email, profile

There are NO Frame-specific scopes. In Adobe Developer Console, these are the only scopes available for the Frame API - there’s no option to add or configure additional scopes.

My Theory:

The token proves I’m a valid Adobe user, but Frame’s backend doesn’t recognize my Adobe ID as authorized for V4 API access. The zero Frame scopes suggests my account may not be provisioned for V4 (somehow) despite having Frame API added in Adobe Developer Console w/ a V4 Frame account.

Questions:

  1. Is there a separate hidden provisioning step required for V4 API beyond adding the Frame API in Adobe Developer Console?

  2. Should the token include Frame specific scopes? If so, how do I enable them? There was no option for that in the Adobe Developer Console, which was rather confusing.

  3. Is there a known issue with accounts that were previously using Google federated login with Adobe?

Any help would be greatly appreciated. I’ve spent considerable time troubleshooting this and am completely stuck. The customer support team at Frame said they were completely unable to help. Somebody, please help! Your boy’s getting desperate here haha.

2

Hi @Dylan_H_Dev

Sorry you’re running into trouble with this.

It looks like you’re missing additional_info.roles from your scopes which is likely the cause. I tested this myself, and was able to reproduce using a token generated without it.

This scope is essentially what tells IMS to include your assigned roles and product permissions in the token. So if that’s missing, when Frame.io receives it, it technically knows who you are but can’t confirm that you should be able to access Frame.io.

Here are all the scopes you should be including:

openid, additional_info.roles, offline_access, profile, email

I hope this helps! Feel free to follow up here if you have any other questions, or continue to run into any issues with this (although this should solve it!:crossed_fingers:)

3

Thank you for the response. I apologize for not specifying this before, but I did already in fact have that scope turned on. It’s actually one of the default scopes that Adobe automatically applies, and the scopes are actually not possible to change. So I’ll just show you a screenshot of the scopes that I have, which are the only ones that Adobe allows, and they cannot be either activated, selected from, or deactivated. By default, Frame apps configured in the Adobe Developer Console can only have these scopes and none of them can be excluded.

Here’s a screenshot of my Adobe Developer Console showing that these scopes are in fact active:

image
image479×106 3.86 KB

So unfortunately, I did already have all of these scopes active, and that does not solve the issue. Some other problem is causing this 401 response.

4

Hi @Dylan_H_Dev,

The scopes shown in the Developer Console are scopes that the application, in this case Frame.io, is allowed to access. When you’re constructing your request URL, you do still need to specify all required scopes.

Here’s an example from the Authentication Guide:

https://ims-na1.adobelogin.com/ims/authorize/v2?client_id=202b135c20864fbfb26a46522aa2433b&redirect_uri=https://www.myapp.com/OAuth/callback&scope=openid,additional_info.roles,offline_access,profile,email&state=90cff02f-da33-46ec-985c-1f5cf2f9644a&response_type=code

Just to confirm, is this how you’ve been constructing your request URLs? If not, that’s the first thing I’d recommend. If so, happy to continue troubleshooting!

5

hi @Dylan_H_Dev as @rosiec said, you need to make sure you are using all of the scopes in the initial OAuth authentication, otherwise you will get a 401 error

6

Okay this is solved! You guys were right. I did have these scopes available in my Adobe Developer Console for this project, but unfortunately I had not implemented them into my code base correctly. Once all the scopes were added in my code base, I was able to make a request successfully. So that was actually a problem. This is now resolved, and I now have access for my app.

1 Like
7

Awesome glad you got it resolved!