Need 403 responses on most endpoints

Question

Need 403 responses on most endpoints

Closed this issue 6 years ago · 0 comments

There are some instances where a 403 is appropriate. A key one is when a valid access_token with the appropriate scope is provided to an endpoint, but the data in the payload does not match the claims in the token.

Add 403's to all USS-API endpoints.