`issues list` returns 403 even with valid token that works via REST API

[jamesblackwell]

CLI Version

3.0.1

Operating System and Architecture

• macOS (arm64)
• macOS (x86_64)
• Linux (i686)
• Linux (x86_64)
• Linux (armv7)
• Linux (aarch64)
• Windows (i686)
• Windows (x86_64)

Operating System Version

macOS 15.5 (Sequoia)

Link to reproduction repository

No response

CLI Command

sentry-cli issues list -o version-zero -p quizgecko-php-laravel --max-rows 10 -s unresolved

Exact Reproduction Steps

1. Create a User Auth Token with full admin scopes (org:admin, event:admin, etc.)
2. 2. Configure token in ~/.sentryclirc
3. 3. Run sentry-cli issues list -o <org> -p <project> -s unresolved
4. 4. Get 403 error: "You do not have permission to perform this action"
      However, the same token works fine via REST API:

curl -s "https://sentry.io/api/0/organizations/<org>/issues/?project=<project_id>&query=is:unresolved" \
  -H "Authorization: Bearer $TOKEN"

Note: The CLI uses project slug in the URL (/api/0/projects/<org>/<project-slug>/issues/) but the REST API requires project ID as a query param. This may be the root cause.

Also: sentry-cli info misreports token scopes - shows only 4 scopes even when the token has full admin access.

Expected Results

The CLI should list issues from the project, same as the REST API does with the same token.

Actual Results

403 error: "You do not have permission to perform this action"

The CLI hits /api/0/projects/<org>/<project-slug>/issues/ which returns 403, while the working REST API uses /api/0/organizations/<org>/issues/?project=<project_id>

Logs

$ SENTRY_LOG_LEVEL=debug sentry-cli issues list -o version-zero -p quizgecko-php-laravel --max-rows 5

DEBUG x-sentry-proxy-url: http://10.2.0.67:8999/api/0/projects/version-zero/quizgecko-php-laravel/issues/
DEBUG body: {"detail":"You do not have permission to perform this action."}
error: API request failed
Caused by: sentry reported an error: You do not have permission to perform this action. (http status: 403)

Token scopes (from Sentry UI): alerts:read, alerts:write, event:admin, event:read, event:write, member:admin, member:invite, member:read, member:write, org:admin, org:integrations, org:read, org:write, project:admin, project:read, project:releases, project:write, team:admin, team:read, team:write

But sentry-cli info shows only: org:read, project:read, project:releases, project:write

[linear]

CLI-259

[szokeasaurusrex]

Hey @jamesblackwell, thanks for writing in!

I tried to reproduce your issue by creating a token with full permissions on all scopes, and using it to list issues, but for me, the command was successful. Also, when I ran sentry-cli info, I got all of the scopes returned, not just four.

Likely Root Cause

Since the scopes shown by sentry-cli info are incorrect, my suspicion is that Sentry CLI found a different token, with more limited permissions, and is using that token instead of the token in ~/.sentryclirc, hence the 403 error. According to sentry-cli info, the token Sentry CLI is using does not have the event:read scope, which is needed to get issues, so the 403 is expected.

Next Steps

To confirm whether the problem is with Sentry CLI failing to use the token you expect, please try passing the full-permissions Auth Token directly to the CLI with --auth-token, like so:

sentry-cli info --auth-token=<auth_token_with_full_permissions>
sentry-cli issues list -o version-zero -p quizgecko-php-laravel --max-rows 5 --auth-token=<auth_token_with_full_permissions>

If those commands work as expected, this would confirm that the problem is that Sentry CLI is not finding the token in ~/.sentryclirc. Possible reasons why Sentry CLI would not find this token include:

1. The SENTRY_AUTH_TOKEN environment variable is set, as this environment variable takes precedence over ~/.sentryclirc.
2. Your current working directory, or a parent directory, contains a .sentryclirc file. These local .sentryclirc files may take precedence over the global ~/.sentryclirc.

Hope that helps; please let me know if you need further assistance!