Yesterday there was a change in the provisioning API that may be causing errors for some applications. The provisioning API is considered "userless" and does not use the xoauth_requestor_id parameter when access with 2-legged OAuth.
Previously, the API ignored this parameter if set. The API no longer accepts requests with xoauth_requestor_id and now return a 401 error with the error message "Token invalid - AuthSub token has wrong scope." If you're application is seeing these errors, removing the xoauth_requestor_id parameter will correct the problem.
We apologize for the inconvenience this change has caused. The "userless" nature of the Provisioning API 2-legged oauth was only lightly documented in the Best Practices guide, and we've filed a bug to document it more thoroughly.
