Accessing any secured APIs

  • 18 August 2021
  • 2 replies

As part of a POC, I wanted to try any flow for a secured API through Postman calls (where I use SST and TT),
but I get the following error response:
"error": {
"parameters": [],
"requestId": "ZLfPOmzezJ8C615w:cyYYINLRbEhR6WNf:eprqhyo3xf7zbtfk",
"component": "Apache::RESTMD::Component::Permission",
"errorClass": "GDC::Exception::Forbidden",
"message": "Invalid operation"
Here is the sequence I followed:
1. Call to get SST
curl --location --request POST '' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"postUserLogin": {
"password": "<password>",
"remember": 1,
"verify_level": 2
}
}'
2. Call to get Temp token using SST
--header 'X-GDC-AuthSST: 9AovOMx3Kp0rKqPES-tmPBeYxU8F-AAAACzB1cOZYW2lrVdyhH39iA6d99KA' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json'
3. Using temp token to view projects info
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'X-GDC-AuthTT: I3Fxrc6hivBBLWd50B7sBpo-tjDfeZ_l8zkl9EFTVONjcFOoQmNFvPpDR5rBo86qe-8jN-H_9HeiRcBx-97bN3XGsrKL60wmoNbhcyfXETvFEF0G6sJ2LbNJDyTbMG3ASOktOijmV7CsovvUH1a6NZ3E6ILQVbhY2dAWj1SKK797ImwiOiIyIiwidSI6IjIyNzI5MjkiLCJ2IjoxNjI5MTMxMDE0LCJrIjoiYzBhMDFjMTAtNTg5MC00OTI5LThmYmYtMDkwOWVlMTgyNWNlIiwiaCI6InVsdGltYXRlYWkub24uZ29vZGRhdGEuY29tIn0'
And I get the error response I mentioned. So what am I doing wrong? Is it the project name maybe?

Best answer by Daniela 18 August 2021, 13:07


Hi Hend,
For all calls made to our APIs, always replace our domain with your own.

And in your last API call:

3. Using temp token to view projects info

Please change the domain with yours and use the project ID you are interested in getting the info from, so it looks something like this:<projectID>/

If you are not sure how to get the project ID, I recommend checking this article:




Thanks, the problem was indeed in the project ID, and I also changed the domain for the last call.