I’m having trouble with a PUT request to the D2L Valence API. When I try to update a course using /d2l/api/lp/1.2/courses/{courseId}, I keep getting a 403 Forbidden error. It’s weird because GET requests work fine with the same credentials.
Does anyone know what specific permissions are needed for this PUT operation? I’ve looked everywhere for a permissions matrix or list for Valence routes, but no luck.
Here’s a simplified example of what I’m trying:
import requests
url = 'https://myschool.d2l.com/d2l/api/lp/1.2/courses/12345'
headers = {'Authorization': 'Bearer mytoken'}
data = {'name': 'Updated Course Name'}
response = requests.put(url, headers=headers, json=data)
print(response.status_code) # Always prints 403
Any ideas on what I’m missing? This permission stuff is driving me nuts!
Hey GracefulDancer8, I feel your pain! 
API permissions can be such a headache sometimes.
Have you tried checking if you’re actually authorized to modify that specific course? It’s possible your account has general course management permissions, but not for this particular one. Maybe it’s a special course or there’s some weird restriction?
Another thing to consider - are you sure the course ID is correct? I’ve embarrassingly spent hours debugging before realizing I had a typo in my course ID. 
Oh, and here’s a random thought - could there be any kind of course lock or freeze in place? Sometimes admins put those on during certain periods.
What happens if you try to modify a different course? Does it work then? Might help narrow down if it’s a general permission issue or something specific to this course.
Anyway, hope you figure it out soon! Let us know what you find - I’m curious now!
hey there, i’ve run into similar issues before. have you checked if your API key has the right permissions? sometimes the admin needs to grant specific access for course modifications. also, double-check you’re using the correct API version - they occasionally change permissions between versions. good luck!
I’ve encountered this exact problem before, and it can be frustrating. In my experience, the 403 error often stems from insufficient role privileges rather than API key permissions. Make sure your account has the ‘Manage Courses’ capability enabled in D2L.
To verify this, you can ask your D2L administrator to check your role settings. They should look for the ‘Manage Courses and Templates’ permission under the ‘Teaching and Learning’ category. If that’s already set, the issue might be with the specific course - ensure you have the appropriate instructor or administrator role assigned for that particular course.
Also, double-check that your OAuth 2.0 app is configured with the correct scope. For course modifications, you typically need the ‘core::’ scope. If all else fails, try regenerating your API key and secret as a last resort.