403 error Request had insufficient authentication scopes.

[f s]

I received the correct response in the same request before, why is the error returned? Isn't the Google Ads API's scope just enough? I can't add another adwords scope. What should I do?

Request via curl: 

POST /v1/customers/4939887x/googleAds:search HTTP/1.1
Host: googleads.googleapis.com
Developer-token: Wo_rsApU2moXgEnxxx
Content-length: 232
Content-type: application/json
Authorization: Bearer ya29.Gl1cBy0t2s6zFaFeNlmhTUIEf6ha7SzAe43al4M0zZawui1p3mPdS8Ty3bzbGh5TbeFm_r.....
Login-customer-id: 4939887x

"Parameters":
{
  "query" : "SELECT campaign.name, campaign.status, segments.device, metrics.impressions, metrics.clicks, metrics.ctr, metrics.average_cpc, metrics.cost_micros FROM campaign WHERE segments.date DURING LAST_30_DAYS"
}

Response: 

HTTP/1.1 403 Forbidden
Content-length: 138
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Tue, 06 Aug 2019 09:17:58 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="46,43,39"
Content-type: application/json; charset=UTF-8
Www-authenticate: Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/adwords https://adwords.google.com/api/adwords https://adwords.google.com/api/adwords/ https://adwords.google.com/api/adwords/cm http://adwords.google.com/api/adwords https://adwords.google.com/api/adwords/email"
{
  "error": {
    "status": "PERMISSION_DENIED",
    "message": "Request had insufficient authentication scopes.",
    "code": 403
  }
}

[Google Ads API Forum Advisor Prod]

Hello,

Could you please confirm the below scenarios where the scope, redirect URI and permissions are assigned.

1. Could you please share the email address of the user using which the scopes are authorized and the client customer id using reply privately to the author option? In general the email address should have standard/Admin access to the account in order to make the API call.
2. Please confirm whether the client Id and client secret are generates with the same email address as of the above and check whether the project in Google API Console Credentials page still exists. If exists check whether the Authorized redirect URI is mentioned correctly as shown in step-5 here.
3. finally try adding those scope separated by comma "," and authorize again as shown in step-4 and 5 here with a valid user that is having access to the account. 

Please give it a try and let me know if you have any further questions.

Regards,
Sai Teja, Google Ads API Team

ref:_00D1U1174p._5001UEI1Ns:ref

[f s]

Hi, Sai

Thanks a lot.

I got the correct response after recreated the refresh token. I might have made the token without the adwords scope...