Pipeline variables API — 403 Error with Project Access Token

Hello,

I am trying to query the GitLab Pipeline Variables API in a CI job using a Project Access Token as an authentication mean but I am getting the following error:

HTTPError('403 Client Error: Forbidden for url: https://gitlab.com/api/v4/projects/****/pipelines/****/variables')

(project and pipeline IDs redacted).

However, trying to query the Single Pipeline API in the same CI job does work as expected.

The same code running locally with a Personal Access Token also work as expected, both for the Single Pipeline and Pipeline Variables API.

Also I should mention that the Project Access Token used in my CI job is obtained from a masked CI/CD variable whose value is the Project Access Token for a different project than the project the CI job belongs to.

My questions are:

  • Am I using this Project Access Token as intended?
  • Is that behavior (403 error for the Pipeline Variables API) expected or is this a bug to report?
  • How can I then query the Pipeline Variables API for another project in my CI job, short of using a Personal Access Token.

Thank you for your help,

J.

Edit — It simply turned out that the access token required maintainer privileges.