Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lasscyber.com/llms.txt

Use this file to discover all available pages before exploring further.

HTTP status403 Forbidden
Codeemail_not_verified
Retry?No — verify your email, then retry.

When this happens

A JWT-authenticated user (i.e. the dashboard, or a tool reusing dashboard JWTs) has not yet completed Auth0 email verification. The API requires verified email before allowing protected operations. API key authentication is not affected — keys belong to a tenant, not a user, so there is no email to verify.

Example response

{
  "detail": {
    "code": "email_not_verified",
    "message": "Email address must be verified before accessing the API."
  },
  "code": "email_not_verified",
  "request_id": "5b3f6c7e-7d24-4d40-9b12-3a59c01c6e91",
  "doc_url": "https://docs.lasscyber.com/errors/email_not_verified"
}

How to fix

  1. Open the verification email Auth0 sent at sign-up. Click the link.
  2. If you cannot find it, sign in to agnes.lasscyber.com — the gate page surfaces a Resend email button.
  3. After verifying, sign out and back in to refresh your JWT.

SDK behaviour

SDKException
Pythonagnes.PermissionError (with code == "email_not_verified")
TypeScriptPermissionError (with code === "email_not_verified")
This is rare in SDK code paths — SDKs typically authenticate with API keys, not JWTs. If you see it from an SDK, you are either using a JWT-based extension or a custom integration that mints JWTs.