In regards to authorization, OpenAPI returns:
401
- If the access token has expired
- If you do not provide an access token
- If your access token is invalid
- If you try to access data you’re not allowed to access e.g. requesting performance data from another client
403
- If you are restricted by not having the application data group required by the endpoint
- If you are restricted by not being a Saxo application if required by the endpoint
- If you are restricted by not having the application permissions required by the endpoint e.g. write access
- If you are restricted by not being the identity type required by the endpoint e.g. Mits user or employee
- If you are restricted by not coming from the internal network if required by the endpoint
- If you are restricted by your Granular User Access setup for the endpoint