Sonny Labs Docs
Error codes

auth.forbidden_scope

The credential is valid but does not carry the scope this operation requires.

auth.forbidden_scope is returned with HTTP status 403.

When this fires

API keys are scoped (scans:write, policies:read, etc.). Sessions inherit scopes from the user's role. When the granted scope set does not include every scope the operation requires, the runtime rejects the call before the controller runs.

What to do

Mint a new API key whose scopes include the missing one, or ask an admin to grant your user the role that carries it. The required scopes are documented per-operation under the x-required-scopes extension in docs/design/api/v1/openapi.yaml.
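To work out which scope is missing before minting a key, you can compare a key's granted scopes with the per-operation requirements in the spec. The following is an added example, not Sonny Labs code: it assumes x-required-scopes is a list of scope strings on each operation object, and the spec fragment, paths, operationIds and the scans:read and policies:write scope names are constructed for illustration.

```python
# Added example. SAMPLE_SPEC is a constructed stand-in for a parsed openapi.yaml;
# the paths, operationIds and some scope names are hypothetical.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

SAMPLE_SPEC = {
    "paths": {
        "/v1/scans": {
            "post": {"operationId": "createScan", "x-required-scopes": ["scans:write"]},
            "get": {"operationId": "listScans", "x-required-scopes": ["scans:read"]},
        },
        "/v1/policies/{id}": {
            "parameters": [],
            "get": {"operationId": "getPolicy", "x-required-scopes": ["policies:read"]},
            "put": {"operationId": "updatePolicy",
                    "x-required-scopes": ["policies:read", "policies:write"]},
        },
    }
}


def required_scopes(spec):
    """Map operationId -> frozenset of scopes listed under x-required-scopes."""
    out = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as "parameters"
            op_id = op.get("operationId", f"{method.upper()} {path}")
            out[op_id] = frozenset(op.get("x-required-scopes", []))
    return out


def missing_scopes(spec, granted, operations):
    """Return {operationId: sorted missing scopes} for calls that would get 403."""
    reqs = required_scopes(spec)
    gaps = {op: sorted(reqs[op] - set(granted)) for op in operations}
    return {op: gap for op, gap in gaps.items() if gap}


def minimal_scopes(spec, operations):
    """Smallest scope set a new key needs to call every listed operation."""
    reqs = required_scopes(spec)
    return sorted(set().union(*(reqs[op] for op in operations)))


if __name__ == "__main__":
    ops = ["createScan", "updatePolicy"]
    print(missing_scopes(SAMPLE_SPEC, ["scans:write", "policies:read"], ops))
    print(minimal_scopes(SAMPLE_SPEC, ops))
```

Requesting only the scopes minimal_scopes returns keeps the replacement key at least privilege instead of widening it past what the integration calls.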

See also

  • SDK reference — the Python and TypeScript SDKs raise typed exceptions for codes in this namespace.
  • Error code index — every code the runtime can return.
