Starting from version 2023-05-01, ALL endpoints that authenticate using an access token require a strict access token. A strict access token is reserved for access to only a single company. Requests using tokens that do not meet this requirement shall be responded with a forbidden (403) status. This is the first step in improving our OAuth token management. To learn more about strict access please read the Strict Access guide.
Reference our v2023-05-01
changelog for more details
To learn more about versions in our API, read the API Versioning guide.