Typically this error indicates an issue with the Basic Authentication token, as this is where the Client ID and Secret are validated. Here is documentation for the token:
"The Authorization header is created by base64-encoding the app's client ID and client secret. To encode these values, open an encoding site, for example, Base64Encode.org, and paste in the client ID, add a colon (:), and then paste in the client secret. No spaces, no quotes, no brackets. Submit the values and an encoded value is returned that will look something like:
YTIwfAKeNGYtODY4YS00MzM5LTkzNGYtNGRhMmQ3ODhkMGFhOjNuYU8xMElBMmFnY3ZHKzlJOVRHRVE9PQ==
Add this value to the Authorization header after the word Basic."
As to your questions:
What is the difference between Account ID, Client ID, and Account Key?
AccountKeys identify the GoTo account itself. These are used in several of the APIs.
Account IDs, I assume, are the billing entities and are not used in the APIs at all.
Client IDs are used to get Access Tokens only. They are "accountless", which means any GoTo user can use any Client ID to get an access token with proper Client ID and Secret combinations.
Is scope required?
Yes, certain scopes are required to perform specific actions using the APIs
What are the correct values for SCIM/API?
Not sure what you mean here.
Can I use only Account Key, without Client ID?
No. Client IDs are required to get Access Tokens which are needed to use any API.
Is the endpoint https://authentication.logmeininc.com/oauth/token
always the same?
Yes. It is used in all Token flows (implicit, authorization code, refresh token)
Is there an alternative flow without client_id or client_secret?
No.
For WebSocket and audio streaming, are there specific permissions or scopes?
We do not offer live audio streams for calls at this time.
