Is it possible to bypass OAuth scope validation for Architect flow triggers from AppFoundry?

sip_nerd · May 6, 2026, 7:32am

Is it possible to bypass the strict OAuth scope validation when invoking an Architect flow via the platform API from our AppFoundry integration? We are hitting a 403 Forbidden error despite the client having the flows:write scope, suggesting a hidden permission layer for external triggers.

Environment details:

AppFoundry Premium App v2.1.0
Node.js SDK 2.4.1
Endpoint: POST /api/v2/architect/flows/{flowId}/trigger
Error: 403 Forbidden (insufficient permissions for external invocation)

ConfigKing · May 6, 2026, 3:32pm

It depends, but generally…

Check client ID permissions in Admin > OAuth.
Ensure architect:flow:trigger is added. flows:write is insufficient for execution.
Rotate credentials to apply scope changes.

The 403 indicates missing execution rights, not just write access.