AEM Cloud Service — Sling POST Servlet returns 403 "The access token is missing required scopes" with OAuth Server-to-Server credential | Community
May 5, 2026
Question

AEM Cloud Service — Sling POST Servlet returns 403 "The access token is missing required scopes" with OAuth Server-to-Server credential


Environment
  - AEM as a Cloud Service (Author) - RDE
  - Adobe App Builder / Adobe I/O Runtime (Server-to-Server OAuth credential)
  - Node.js action using Axios to call AEM APIs

What I'm trying to do

I'm building an App Builder action that creates AEM Sites pages programmatically using the Sling POST Servlet. I have already created another action that creates and updates Content Fragments via the CF Management API (/adobe/sites/cf/fragments), which is working fine.

For page creation, I'm POSTing to the page path with application/x-www-form-urlencoded:

  POST /content/… (content path under which the PDP pages must be created)
  Content-Type: application/x-www-form-urlencoded
  Authorization: Bearer <IMS token>

  _charset_=UTF-8&jcr%3AprimaryType=cq%3APage&jcr%…......

The error

  Every request to the Sling POST Servlet returns:

  {
    "type": "https://api.adobeaemcloud.com/adobe/meta/errors/forbidden",
    "title": "Forbidden",
    "status": 403,
    "detail": "The access token is missing required scopes."
  }

  Current credential scopes

  The Developer Console project has these APIs added:
  - Content Fragment Management API → scope: aem.fragments.management
  - AEM Folders API → scope: aem.folders

Product Profiles : AEM Sites Content Managers - author

Full scope string in use: openid,AdobeID,aem.fragments.management,aem.folders

My Questions:

1. What is the correct IMS scope required to call the Sling POST Servlet on /content/... paths with a Server-to-Server credential?

2. Is there an alternative OpenAPI endpoint for programmatic page creation that works with Server-to-Server credentials and the scopes currently available?

Thanks in advance!

1 reply

manav
Adobe Champion
May 6, 2026

Good one @Meghana_N. To resolve the 403 Forbidden [The access token is missing required scopes] error when hitting the AEM Sling POST Servlet via App Builder, you should verify a few specific configurations across the Developer Console, your IMS setup and AEM itself; basically multiple things:

  • Check that the OAuth Server-to-Server credential is requesting the correct IMS scopes when generating the access token. For AEMaaCS, the token must explicitly include the AEM Cloud SDK scopes to be recognized as valid.

  • In the Adobe Developer Console, verify the Product Profile selected when you added the AEMaaCS API to your App Builder workspace. This profile must have the necessary AEM permissions, as this step is what actually provisions the technical account into your AEM instance.

  • The Sling POST Servlet strictly enforces JCR ACLs. Log into AEM and ensure that the provisioned user (the technical account email) has explicit create-modify-delete permissions.

  • Many endpoints will reject a request if it only contains the token. Ensure your request includes both:

    • Authorization: Bearer <YOUR_TOKEN>

    • x-api-key: <YOUR_CLIENT_ID>

  • If your permissions and headers are correct but you continue to receive 403s, try adding the Sling-No-Redirect: true header to your request.


#MagentoMan
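
An added troubleshooting example for the thread above, not code from either poster or from Adobe: it lists the scopes an access token actually carries and separates the scope rejection quoted in the question from any other 403. The helper names are hypothetical, and it assumes the IMS access token is a JWT with a comma-separated `scope` claim; the sample token is constructed.

```javascript
// Added diagnostic sketch; helper names are hypothetical, not an Adobe API.
// Assumption: the IMS access token is a JWT whose payload carries a
// comma-separated "scope" claim, like the scope string quoted in the question.

function decodeTokenPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  // No signature check here: this only inspects claims for troubleshooting.
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

function grantedScopes(token) {
  const { scope = '' } = decodeTokenPayload(token);
  return scope.split(/[,\s]+/).filter(Boolean);
}

// Scopes the caller expects that the token does not carry.
function missingScopes(token, expected) {
  const granted = new Set(grantedScopes(token));
  return expected.filter((s) => !granted.has(s));
}

// Separate the scope rejection shown in the question from any other 403
// (for example a permission denial), so the right setting gets checked.
function classifyForbidden(status, body) {
  if (status !== 403) return 'not-forbidden';
  const detail = body && typeof body.detail === 'string' ? body.detail : '';
  return /missing required scopes/i.test(detail) ? 'token-scopes' : 'other-403';
}

// Constructed sample token (unsigned, fake signature) with the question's scopes.
function sampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const scope = 'openid,AdobeID,aem.fragments.management,aem.folders';
  return [enc({ alg: 'none' }), enc({ scope }), 'constructed'].join('.');
}

// Error body copied from the question.
const sampleError = {
  type: 'https://api.adobeaemcloud.com/adobe/meta/errors/forbidden',
  title: 'Forbidden',
  status: 403,
  detail: 'The access token is missing required scopes.',
};

console.log(grantedScopes(sampleToken()));
console.log(classifyForbidden(403, sampleError));
```

When running this against a real token inside an action, log only the scope list, never the token itself.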