I was trying to create new project in BIM 360 using this API. I thought, to create new project it may need an end user to authorize my Forge app. So I user 3-legged bearer token to request new project. But gave forbidden response saying
{
"code": 1003,
"message": "Only support 2 legged access token."
}
Whereas by using 2-legged token, it created project successfully.
Why this API works with 2-legged and not with 3-legged token, even if 3-legged token is valid?
This is documented here, see Authentication Context: app only
At the moment of creating, there are no users on the project, therefore the 2LO key is required.