POST /api/v2/flows/executions returns 403 despite valid client credentials token

Trying to kick off an Architect flow from our backend service using the REST API. The endpoint is POST /api/v2/flows/executions. I’ve got a valid OAuth 2.0 client credentials token with admin:flow scope. The payload looks right based on the docs.

{
  "flowId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "inputs": {
    "customerId": "998877"
  }
}

Docs state: “The request body must include the flowId and any required inputs.” I’m sending exactly that. But I keep getting a 403 Forbidden. The error body is just {"errors":[{"code":"forbidden","message":"Forbidden"}]}. No other details. I can hit other admin endpoints fine with this token. Checked the flow status in the UI, it’s active. Permissions on the org level seem fine. Is there a hidden scope requirement for executing flows specifically? Or does the flow owner need to be the same as the token subject? Stuck on this one.