Hi, we were testing out our application on production and when we were trying to pay for the order via the /v1/orders/orderId/pay endpoint, we're getting a 403 error. As far as I could search the forums for the error we think the problem here is, we don't have the customers read permissions on the prod yet.
When we were testing the app on sandbox env, I think we didn't require the customers read permission. Right now we have the customers read in our sandbox as well which we had turned on for some other purpose(if I remember correctly). Is the customers read permission something that has recently been added to the pay endpoint? We don't need expandable fields while paying.
Is there any other way we could pay for the order using source without that permission? I see even the order read requires customer permissions.