Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Status 403 for https://extron.ap.panopto.com/Panopto/api/v1/auth/legacyLogin (2020-01-02)

Caitlin McCabeCaitlin McCabe Administrator
edited February 2020 in API

Original Post: Rose Kyaw, January 2, 2020 at 9:46 PM


I have generated access token using User Based Server Application. Next I tried to get authentication cookies by using following code but it gives me status 403. The code is as following. How to make it work?

import requests

url = "https://extron.ap.panopto.com/Panopto/api/v1/auth/legacyLogin"

headers = {

  'Content-Type': "application/json",

  'Authorization': "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InhYTGt6ejUybGNhWGhZWjR2QVl1bXRYNmQxdyIsImtpZCI6InhYTGt6ejUybGNhWGhZWjR2QVl1bXRYNmQxdyJ9.eyJpc3MiOiJodHRwczovL2V4dHJvbi5hcC5wYW5vcHRvLmNvbS9QYW5vcHRvL29hdXRoMiIsImF1ZCI6Imh0dHBzOi8vZXh0cm9uLmFwLnBhbm9wdG8uY29tL1Bhbm9wdG8vb2F1dGgyL3Jlc291cmNlcyIsImV4cCI6MTU3ODAyMDE4OSwibmJmIjoxNTc4MDE2NTg5LCJjbGllbnRfaWQiOiI2ZjBlNmYwMi1mMDY3LTRlNjItYWNhZS1hYjM2MDA3OThkZjIiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwic3ViIjoiNmRhMDg0MWYtN2NlNS00ZWY4LWJkMDYtYWIwMjAwNzBlNmYyIiwiYXV0aF90aW1lIjoxNTc4MDE2NTg5LCJpZHAiOiJpZHNydiIsImFtciI6WyJwYXNzd29yZCJdfQ.fxMyyClbDcc17nv-LKyqMUhIBtbRCsiexhJTa-jbSxxV6_U08-EbdmD7oYRVpMUnAVrN5paD9q19Hpc7f486hVfWSQMSqQSeco9jOxs7K7HTWJZne-ujJKiLmzsgjDp51yDGtQkYMd4oAOxHBZ7Sa1mJgr6Y-5W31f7BEMJFCFnyOgmhprQzjWHBe2jSzA8XH_S5OiXh3AMoBAYAsq0k817df2MotrtH10PZtUsWZs9vrGnpHlHGhJ0EWk8jqABiKFBupPTsXUt_u5DClBkd6iQlca5EA-tyi9Cm8VwElYyfv1Q5TtEjZTxznKlFakqhcj93wSkYhJw3t7PK0Ws0MQ",

  'User-Agent': "PostmanRuntime/7.20.1",

  'Accept': "*/*",

  'Cache-Control': "no-cache",

  'Postman-Token': "902f2a65-494c-4b2d-bb23-932a7ebb219c,91ef7bb4-9ed6-4000-a6df-a3cf0349af98",

  'Host': "extron.ap.panopto.com",

  'Accept-Encoding': "gzip, deflate",

  'Connection': "keep-alive",

  'cache-control': "no-cache"


response = requests.request("GET", url, headers=headers)



Kevin Baum, Moderator, January 8, 2020 at 2:17 PM

Hi Rose,

It looks like the "api" scope is not included in the access token, and that is required to access the legacyLogin endpoint. Can you make sure that you are requesting the "api" scope as part of the POST request to get the access token?

Please let me know if you have any other questions.





  • Options

    Hi Kevin,

    I have same issue. On a post call i set up scope=api. Using received bearer for further call and getting 403. Any suggestions?

  • Options
    Kevin BaumKevin Baum Panopto Employee

    Hi Anton,

    It is difficult to say without seeing the call itself. Would you be able to post a sample call to the API that is giving you this error (please redact the access token and any client information first)? I can take a look at it then and see if I can spot anything that may be causing this issue.



Sign In or Register to comment.