The Vapi.Std.Errors.Unauthorized error indicates that the user is not authorized to perform the operation.
API requests may include a security context containing user credentials. For example, the user credentials could be a SAML token, a user name and password, or the session identifier for a previously established session. Invoking the operation may require that the user identified by those credentials has particular privileges on the operation or on one or more resource identifiers passed to the operation.
Examples:
The operation requires that the user have one or more privileges on the operation, but the user identified by the credentials in the security context does not have the required privileges.
The operation requires that the user have one or more privileges on a resource identifier passed to the operation, but the user identified by the credentials in the security context does not have the required privileges.
Counterexamples:
The SAML token in the request's security context has expired. A Vapi.Std.Errors.Unauthenticated error would be used instead.
The user name and password in the request's security context are invalid. The Vapi.Std.Errors.Unauthenticated error would be used instead.
The session identifier in the request's security context identifies a session that has expired. The Vapi.Std.Errors.Unauthenticated error would be used instead.
For security reasons, the Vapi.Std.Errors.Error.data property in this error is missing or null, and the Vapi.Std.Errors.Error.messages property in this error does not disclose why the user is not authorized to perform the operation. For example the messages would not disclose which privilege the user did not have or which resource identifier the user did not have the required privilege to access. The API documentation should indicate what privileges are required.
