Skip to content

Invalid Scope

URI: https://docs.ankatech.co/errors/invalid_scope
HTTP Status: 400 Bad Request

This error also corresponds to the RFC 6749 OAuth 2.0 error code invalid_scope of the same name. The RFC 7807 type suffix uses the identical underscore form so the two identifiers match.

When you see this

The requested scope is unknown, malformed, or exceeds the scope the client or resource owner may be granted.

Common Causes

  • Requesting a scope that does not exist.
  • A malformed scope string.
  • Requesting a scope beyond what the client or resource owner is allowed.

Response Example

{
  "type": "https://docs.ankatech.co/errors/invalid_scope",
  "title": "Invalid Scope",
  "status": 400,
  "detail": "The requested scope is invalid or exceeds the permitted scope.",
  "instance": "/oauth/token",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. Request only scopes that exist and that the client is permitted to obtain.
  2. Check scope names and formatting against the Developer Hub Reference.
  3. Re-submit with a valid scope set.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.