cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP CALM API returns forbidden / 403 (in postman)

Go to solution
friscas
Explorer

‎2025 Mar 25 5:18 PM - edited ‎2025 Mar 25 5:24 PM

0 Kudos
367

Hi everyone, 

I am testing or calm API instance service on postman, but I sadly get a 403 after successfully fetching the correct access_token

.

When creating the service, I have also added the correct scopes like described here: https://help.sap.com/docs/cloud-alm/apis/managing-scopes

What I do in postman:

  1. Fetch auth token from the API auth given by the service key (...authentication.eu20.hana.ondemand.com/oauth/token)
  2. copy access_token from the successful response and add it as a Bearer token and hit request to https://{region}.alm.cloud.sap/api/calm-projects/v1/projects
  3. response is forbidden with status code 403

I would really appreciate your help, thank you.

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
john_p_grimes
Product and Topic Expert
Product and Topic Expert
‎2025 Mar 25 5:47 PM
0 Kudos

Hi Friscas,

When you submit the API request to generate the token, you should receive some JSON in the response. The JSON includes the token, but also a "scopes" attribute with a list of assigned scopes. What values are in that list?

Thanks and regards,
John

friscas
Explorer
‎2025 Mar 25 6:28 PM
0 Kudos
Hi @john_p_grimes, yeah i checked field scopes in the response and its missing all the calm-api one like calm-api.projects.read i forgot to add that i the post, do you know what the cause might be? thx
View Entire Topic
friscas
Explorer
‎2025 Mar 28 12:32 PM
0 Kudos

HI @john_p_grimes ,

i have solved the issue with the amazing CALM customer support and the issue had to do with the grant type, i have set it to password but since it is a OAuth2 client credentials, the grant type should be grant_type=client_credentials.

 

So in the url path there should be a query param, like the following:

https://{tenantid}.authentication.{region}.hana.ondemand.com/oauth/token?grant_type=client_credentials

Show replies
Show replies
Ask a Question