Hi. I was creating custom routes for my api through a generated API token the other day and kept getting 403 forbidden error. At first I suspected it was due to the permission not being set up correctly but there were more to it.
Long story short, I managed to get it working by changing the API token type from “read-only” to “full access”. I’m confused as to what they really do, since the custom route I was writing was only a simple GET, which makes sense with the “read-only” spirit of the API token.
Can someone tell me how the two token types behave?