Admin API Key doesn't work unless explicit permissions are given

Hello everyone!

I’ve been trying to use the curl commands from OpenAI’s documentation to create a service account in one of my projects. But I’m not able to do that after multiple trials.

Error shown: “You have insufficient permissions for this operation. Missing scopes: api.management.read. Check that you have the correct role in your organization, and if you’re using a restricted API key, that it has the necessary scopes.”

Here’s all the ways I tried:

  • I set the permissions of that admin API key to “ALL”, the terminal threw the same error.
  • I set the Permissions to “Restricted” and set the “Organization Administration” to “Read” which allowed me to list my projects but didn’t allow me to create a service account with the above-mentioned permissions.
  • I set the Permissions to “Restricted” and set the “Organization Administration” to “Write” this time, and it showed the error I mentioned above.

I wanted to ask if there’s any change to the permissions to admin API keys from OpenAI or is there anything I’m missing?

2 Likes

Hi and welcome to the Community!

I have tried to reproduce the issue and the most likely explanation is that you unintentionally used another API key all the time and that’s why the API always returned the same error message.

  1. Using an Admin Key with all permissions works as expected.
  2. a) Using an Admin key with restricted permissions to read Organization Administration fails as expected with the error message you posted above.
     b) Using an Admin key with restricted permissions to write Organization Administration works as expected.
  3. Using an Admin key with Read ALL fails as expected with the error message you posted above.

Hope this helps!

1 Like

Thanks much for responding vb!

I just created another key and it worked! The key I was using previously was created on Nov 20th and it still doesn’t work when the permissions are set to “All”. I just wanted to know, was this intended to happen - I mean would an Admin API key expire after some uses or after certain period of time?

1 Like

Hi @Siddharth_Bhandari!

After your reply, I double-checked and can confirm there is a bug.

The issue occurs when using an Admin Key that was originally created with limited permissions. Updating that key to All permissions via the platform does not take effect, and we can consistently reproduce the problem when attempting to create a service account.

The API then unexpectedly returns the following error:
{"error":"You have insufficient permissions for this operation. Missing scopes: api.management.write. Check that you have the correct role in your organization, and if you're using a restricted API key, that it has the necessary scopes."}

Notably, this issue does not occur if the Admin Key is created with permissions set to All initially, then restricted to Read, and later changed back to All.

I am glad you are unblocked for now and will raise this with the team.
Thank you for flagging this, and especially for following up!

1 Like
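
The triage this thread walks through, as an added example that is not part of the original posts or OpenAI's code: it pulls the missing scopes out of the error body and compares them with what the key's settings show. The function names, the result labels, the comma-separated scope list and the nested `message` form are assumptions; `SAMPLE` is shortened from the error quoted above.

```python
import json
import re

# Scope names contain dots, so the list ends at the first ". " (or end of text).
_SCOPES = re.compile(r"Missing scopes:\s*(.+?)\.(?:\s|$)")

# Constructed sample, shortened from the error quoted in the thread.
SAMPLE = (
    '{"error":"You have insufficient permissions for this operation. '
    'Missing scopes: api.management.write. Check that you have the correct role."}'
)


def missing_scopes(body: str) -> set:
    """Return the scopes named after 'Missing scopes:' in an API error body."""
    try:
        err = json.loads(body).get("error", "")
    except (ValueError, AttributeError):
        err = body  # not a JSON object (e.g. pasted terminal text): scan as-is
    if isinstance(err, dict):  # assumed nested form: {"error": {"message": ...}}
        err = err.get("message", "")
    m = _SCOPES.search(str(err))
    # Assumption: several scopes would be separated by commas and/or spaces.
    return {s for s in re.split(r"[,\s]+", m.group(1)) if s} if m else set()


def triage(body: str, permissions: str, granted: frozenset = frozenset()) -> str:
    """Compare what the API reports missing with what the key settings show.

    permissions: "all" or "restricted", as displayed for the key.
    granted: scopes the caller believes a restricted key holds.
    """
    missing = missing_scopes(body)
    if not missing:
        return "not-a-scope-error"
    if permissions.lower() == "all" or missing <= granted:
        # Settings say the call should pass but the API disagrees: first
        # confirm the intended key was sent, then replace the key.
        return "effective-scopes-differ"
    return "scope-not-granted"


if __name__ == "__main__":
    print(missing_scopes(SAMPLE), triage(SAMPLE, "all"))
```
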