Scope and URL mismatch 403 on file delete

Anand_Patel · May 12, 2021, 8:18am

I am getting following error for delete file API

Scope and URL mismatch

URL: https://api.pipedrive.com/v1/files/116
or https://api.pipedrive.com/files/116

method: DELETE

Response:
{“success”:false,“error”:“Scope and URL mismatch”,“errorCode”:403}

It is not working with access token, but when I tried to call API using API token, it is working.

Can anyone help?

mykhailo · May 12, 2021, 9:02am

Hi @Anand_Patel

Could you check if your access token has a required scope? More details here Scopes and permission explanations

Anand_Patel · May 12, 2021, 9:49am

Hi @mykhailo
Yes, It has required scope, you can check it here. let me know if it is missing scope for deleting files??

mykhailo · May 12, 2021, 9:53am

deals:full is missing, hence you can’t call DELETE /files/{id} endpoint.

Anand_Patel · May 12, 2021, 10:20am

@mykhailo I am attaching the files to Persons, also added the scope deals:full as you mention, still I am getting same error.

I have uninstall and reinstall the app with new permissions.

mykhailo · May 12, 2021, 10:25am

I am getting following error for delete file API

and

I am attaching the files to Persons

are two different operations and endpoints.

First, please find an endpoint you call here https://pipedrive.readme.io/docs/marketplace-scopes-and-permissions-explanations?_ga=2.26935029.957582056.1620625517-616496590.1619504633

After that, check if your new access token really has the scope that is used for an endpoint you need.

Finally, call the endpoint according to the documentation Pipedrive API v1 Reference.

Hope it helps.

Anand_Patel · May 12, 2021, 10:56am

@mykhailo Yes, I understand attaching the files to Persons is different operation.

but I am trying to delete the files attached to Persons.

I am still getting the same error, How can I check the scope on new access token? I am sure I have used the new access token.

Also Other APIs related to files are working, i.e GET files/116, GET files/
only DELETE files/116 is giving this error.

mykhailo · May 12, 2021, 11:30am

How can I check the scope on new access token?

Once you exchange one-time token to access/refresh tokens, the response will include scope, it’s a list of scopes an access token has.

Could you check if a scope of an endpoint you call matched with the scope in the list, ideally enable all the scope you need, and get a new access token.

Anand_Patel · May 12, 2021, 12:29pm

@mykhailo Thank you,

I can see following details in scope, but still delete file API is not working.

base,deals:full,mail:full,activities:full,contacts:full,products:full,users:read,recents:read,search:read,admin,leads:full,phone-integration,goals:full

mykhailo · May 12, 2021, 1:09pm

Do you use some SDK or just making a DELETE /files/<id> request with an access token that has deals:full scope? In other words, how do you make this request?

Anand_Patel · May 12, 2021, 1:22pm

@mykhailo I have tried to make request with SDK also and direct Guzzle call as well, I am getting same response for both way.

mykhailo · May 20, 2021, 10:46am

Hi @Anand_Patel,

Could you try again?

Anand_Patel · May 24, 2021, 9:43am

Hi @mykhailo Its working. Thank you for the help.