HTTP 403 Forbidden error for some contextio 2.0 requests signed using scribe oauth service

Question

I wrote a context.io 2.0 java client for : accounts,discovery, threads and messages operations to be used in my project (based on the available ContextIO Java client). My code is at : https://github.com/dileepajayakody/isis-reputationbox/blob/master/reputationbox/dom/src/main/java/at/tomtasche/contextio/ContextIO_V20.java

While testing it, when I invoke the accounts request: https://api.context.io/2.0/accounts and discovery requests (eg: https://api.context.io/2.0/discovery?email=testemail@gmail.com&source_type=IMAP, I successfully get the desired response with a HTTP 200

However when I invoke the messages, threads, contacts requests by adding the account_id parameter in the request URL (eg : https://api.context.io/2.0/accounts/1234ff425ad/messages) I get an empty JSON array with a HTTP 403 Forbidden response.

When I try out the same request in the contextio developer console, I get the response without a problem.

I don't think it's something wrong with the way I sign the oauth request since it's the same way I sign for accounts and discovery requests for which I get the contextIO response properly.

Any help in resolving this error is much appreciated.

Thanks, Dileepa

Answer 1

I don't think the issue is related to oauth request signing, since we normally return 401 or 404 messages for errors there.

The fact there's no body content with the 403 response leads me to believe your api_key does not own the account specified. If it did own it then we would include a json array with type, code, value parameters to help debug the issue. If you have two developer accounts then you may just be using the wrong one for this test.

I hope this helps. If not, please feel free to contact us at support@context.io.

Thanks!

Dan