permission denied while accessing email address of current login user in http function

In this code I am trying to get the email address of the user based on the payment capture. If the payment is successful I want it to show a success message with user email to check who has made the payment. Everything is working in the log but I am getting this error “[“Error getting member email: Error: message: Permission Denied\ndetails:\n applicationError:\n description: Forbidden\n code: FORBIDDEN\n data: {}”]”

```javascript
import { currentMember } from 'wix-members-backend';
import { ok } from 'wix-http-functions';

export async function use_razor(request) {
  console.log(request); // log the request object to the console
  const body = await request.body.json();
  console.log(body); // log the request body to the console
  const pay = body.payload.payment;

  console.log(pay); // log the payment object to the console

  let email;
  if (pay.entity.status === 'captured') {
    email = await currentMember.getMember()
      .then((member) => {
        return member.loginEmail;
      })
      .catch((error) => {
        console.error(error);
      });

    console.log(email); // log the email address to the console
    const response = {
      "headers": { "Content-Type": "application/json" },
      "statusCode": 200,
      "body": JSON.stringify({ "message": "Payment successful!" })
    };
    console.log(response); // log the response object to the console
    return ok(response);
  } else {
    const response = {
      "headers": { "Content-Type": "application/json" },
      "statusCode": 200,
      "body": JSON.stringify({ "message": "NOOOOOOOOOOOO" })
    };
    console.log(response); // log the response object to the console
    return ok(response);
  }
}
```

I would imagine that your forbidden error is perhaps related to the user not being logged in? Are you also testing on a published site?

Another issue in your code is that you are mixing up promise styles and are using await and .then() .catch().

If you are using await you will want to wrap your code in a try/catch block. If you are using promise chaining you should not also use await.

Finally, make sure to be careful with the security of your application if you intend to return PII to the FE with this code.
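
The points raised in the answer, as an added example that is not part of the original posts: the member lookup uses `await` inside `try`/`catch`, a failed lookup does not break the handler, and the email is kept out of the response body. `buildHandler`, `lookupEmail` and the stubs are hypothetical names; `getMember` and `ok` are injected so the logic runs outside Wix.

```javascript
// Added example; buildHandler, lookupEmail and the stubs are hypothetical names.
// getMember and ok are injected so the logic runs outside Wix; in a backend file
// they would be currentMember.getMember and ok from the imports in the question.

// await inside try/catch only: nothing is chained with .then()/.catch().
async function lookupEmail(getMember) {
  try {
    const member = await getMember();
    return member && member.loginEmail ? member.loginEmail : null;
  } catch (error) {
    // Assumed cause, per the answer: the caller has no logged-in member.
    console.error('member lookup failed:', error.message);
    return null;
  }
}

function buildHandler({ getMember, ok }) {
  return async function use_razor(request) {
    const body = await request.body.json();
    const captured = body.payload.payment.entity.status === 'captured';
    if (captured) {
      const email = await lookupEmail(getMember);
      // The email goes to the server-side log only, never into the response.
      console.log('payment captured, member email:', email || '(none)');
    }
    return ok({
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ message: captured ? 'Payment successful!' : 'NOOOOOOOOOOOO' })
    });
  };
}

// Constructed stubs and sample request for running outside Wix.
const okStub = (options) => ({ status: 200, ...options });
const forbidden = async () => { throw new Error('Permission Denied (FORBIDDEN)'); };
const loggedIn = async () => ({ loginEmail: 'member@example.com' });
const fakeRequest = (status) => ({
  body: { json: async () => ({ payload: { payment: { entity: { status } } } }) }
});

// Demo run: the lookup is rejected, yet the handler still answers normally.
(async () => {
  const res = await buildHandler({ getMember: forbidden, ok: okStub })(fakeRequest('captured'));
  console.log(res.status, res.body);
})();
```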