chore: bump version to 1.27.5 and enhance error handling for token refresh failures

Author: nadeem-cs

.talismanrc

@@ -9,7 +9,7 @@ fileignoreconfig:
     ignore_detectors:
       - filecontent
   - filename: package-lock.json
-    checksum: 751efa34d2f832c7b99771568b5125d929dab095784b6e4ea659daaa612994c8
+    checksum: 3dd53c4ecc763a41e74059c92fc97a0ad9f3da8877d6f5862d0d0108deef95d7
   - filename: .husky/pre-commit
     checksum: 52a664f536cf5d1be0bea19cb6031ca6e8107b45b6314fe7d47b7fad7d800632
   - filename: test/sanity-check/api/user-test.js

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [v1.27.5](https://github.com/contentstack/contentstack-management-javascript/tree/v1.27.5) (2026-02-16)
+ - Fix
+   - Skip token refresh on 401 when API returns error_code 161 (environment/permission) so the actual API error is returned instead of triggering refresh and a generic "Unable to refresh token" message
+   - When token refresh fails after a 401, return the original API error (error_message, error_code) instead of the generic "Unable to refresh token" message
+
 ## [v1.27.4](https://github.com/contentstack/contentstack-management-javascript/tree/v1.27.4) (2026-02-02)
  - Fix
    - Removed content-type header from the release delete method

lib/core/concurrency-queue.js

@@ -400,16 +400,33 @@ export function ConcurrencyQueue ({ axios, config, plugins = [] }) {
         this.config.authtoken = token.authtoken
       }
     }).catch((error) => {
+      const apiError = this._last401ApiError
+      if (apiError) {
+        this._last401ApiError = null
+      }
       this.queue.forEach(queueItem => {
-        queueItem.reject({
-          errorCode: '401',
-          errorMessage: (error instanceof Error) ? error.message : error,
-          code: 'Unauthorized',
-          message: 'Unable to refresh token',
-          name: 'Token Error',
-          config: queueItem.request,
-          stack: (error instanceof Error) ? error.stack : null
-        })
+        if (apiError) {
+          queueItem.reject({
+            errorCode: apiError.error_code ?? '401',
+            errorMessage: apiError.error_message || apiError.message || ((error instanceof Error) ? error.message : String(error)),
+            code: 'Unauthorized',
+            message: apiError.error_message || apiError.message || 'Unable to refresh token',
+            name: 'Token Error',
+            config: queueItem.request,
+            stack: (error instanceof Error) ? error.stack : null,
+            response: { status: 401, statusText: 'Unauthorized', data: apiError }
+          })
+        } else {
+          queueItem.reject({
+            errorCode: '401',
+            errorMessage: (error instanceof Error) ? error.message : error,
+            code: 'Unauthorized',
+            message: 'Unable to refresh token',
+            name: 'Token Error',
+            config: queueItem.request,
+            stack: (error instanceof Error) ? error.stack : null
+          })
+        }
       })
       this.queue = []
       this.running = []
@@ -511,6 +528,8 @@ export function ConcurrencyQueue ({ axios, config, plugins = [] }) {
         return Promise.reject(responseHandler(err))
       }
       this.running.shift()
+      // Store original API error so we can return it if refresh fails (instead of generic message)
+      this._last401ApiError = response.data
       // Cool down the running requests
       delay(wait, response.status === 401)
       error.config.retryCount = networkError

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@contentstack/management",
-  "version": "1.27.4",
+  "version": "1.27.5",
   "description": "The Content Management API is used to manage the content of your Contentstack account",
   "main": "./dist/node/contentstack-management.js",
   "browser": "./dist/web/contentstack-management.js",
@@ -54,13 +54,13 @@
   "dependencies": {
     "@contentstack/utils": "^1.6.3",
     "assert": "^2.1.0",
-    "axios": "^1.12.2",
+    "axios": "^1.13.5",
     "buffer": "^6.0.3",
     "form-data": "^4.0.5",
     "husky": "^9.1.7",
     "lodash": "^4.17.23",
     "otplib": "^12.0.1",
-    "qs": "6.14.1",
+    "qs": "^6.14.1",
     "stream-browserify": "^3.0.0"
   },
   "keywords": [