Welcome to the Panopto Community

Status 403 for https://extron.ap.panopto.com/Panopto/api/v1/auth/legacyLogin (2020-01-02)

Cait McCabeCait McCabe Administrator
edited February 2020 in API

Original Post: Rose Kyaw, January 2, 2020 at 9:46 PM


I have generated access token using User Based Server Application. Next I tried to get authentication cookies by using following code but it gives me status 403. The code is as following. How to make it work?

import requests

url = "https://extron.ap.panopto.com/Panopto/api/v1/auth/legacyLogin"

headers = {

  'Content-Type': "application/json",

  'Authorization': "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InhYTGt6ejUybGNhWGhZWjR2QVl1bXRYNmQxdyIsImtpZCI6InhYTGt6ejUybGNhWGhZWjR2QVl1bXRYNmQxdyJ9.eyJpc3MiOiJodHRwczovL2V4dHJvbi5hcC5wYW5vcHRvLmNvbS9QYW5vcHRvL29hdXRoMiIsImF1ZCI6Imh0dHBzOi8vZXh0cm9uLmFwLnBhbm9wdG8uY29tL1Bhbm9wdG8vb2F1dGgyL3Jlc291cmNlcyIsImV4cCI6MTU3ODAyMDE4OSwibmJmIjoxNTc4MDE2NTg5LCJjbGllbnRfaWQiOiI2ZjBlNmYwMi1mMDY3LTRlNjItYWNhZS1hYjM2MDA3OThkZjIiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwic3ViIjoiNmRhMDg0MWYtN2NlNS00ZWY4LWJkMDYtYWIwMjAwNzBlNmYyIiwiYXV0aF90aW1lIjoxNTc4MDE2NTg5LCJpZHAiOiJpZHNydiIsImFtciI6WyJwYXNzd29yZCJdfQ.fxMyyClbDcc17nv-LKyqMUhIBtbRCsiexhJTa-jbSxxV6_U08-EbdmD7oYRVpMUnAVrN5paD9q19Hpc7f486hVfWSQMSqQSeco9jOxs7K7HTWJZne-ujJKiLmzsgjDp51yDGtQkYMd4oAOxHBZ7Sa1mJgr6Y-5W31f7BEMJFCFnyOgmhprQzjWHBe2jSzA8XH_S5OiXh3AMoBAYAsq0k817df2MotrtH10PZtUsWZs9vrGnpHlHGhJ0EWk8jqABiKFBupPTsXUt_u5DClBkd6iQlca5EA-tyi9Cm8VwElYyfv1Q5TtEjZTxznKlFakqhcj93wSkYhJw3t7PK0Ws0MQ",

  'User-Agent': "PostmanRuntime/7.20.1",

  'Accept': "*/*",

  'Cache-Control': "no-cache",

  'Postman-Token': "902f2a65-494c-4b2d-bb23-932a7ebb219c,91ef7bb4-9ed6-4000-a6df-a3cf0349af98",

  'Host': "extron.ap.panopto.com",

  'Accept-Encoding': "gzip, deflate",

  'Connection': "keep-alive",

  'cache-control': "no-cache"


response = requests.request("GET", url, headers=headers)



Kevin Baum, Moderator, January 8, 2020 at 2:17 PM

Hi Rose,

It looks like the "api" scope is not included in the access token, and that is required to access the legacyLogin endpoint. Can you make sure that you are requesting the "api" scope as part of the POST request to get the access token?

Please let me know if you have any other questions.





  • Hi Kevin,

    I have same issue. On a post call i set up scope=api. Using received bearer for further call and getting 403. Any suggestions?

  • Kevin BaumKevin Baum Panopto Employee

    Hi Anton,

    It is difficult to say without seeing the call itself. Would you be able to post a sample call to the API that is giving you this error (please redact the access token and any client information first)? I can take a look at it then and see if I can spot anything that may be causing this issue.



Sign In or Register to comment.