planningcenter / developers

Planning Center API docs and support
https://developer.planning.center/docs/

Difficulty hitting some endpoints outside of API Explorer #1191

Closed ThaliaLaPommeray closed 4 months ago

ThaliaLaPommeray commented 4 months ago

Related Product

Check Ins, Giving, Groups, Publishing & Services

Describe the question

I am working on integrating the Planning Center API into a single church app. Using the API Explorer I can see data in almost scope, which should mean I should have returned data from the endpoints I'm attempting to hit, correct? Feel free to correct me if I am wrong on this. I've been using Postman to try each endpoint using OAuth 2.0 authorization using the provided client ID and secret.

The only product that returns data is People. While every other product shows data in the API Explorer, they cannot be hit using Postman without a 401 error:

            "code": "bad_scope",
            "title": "Request outside authenticated scope",
            "status": "401",
            "detail": "The API credentials do not have access to the application check ins" 

How can I increase our authenticated scope so I'm able to tap into those endpoints outside of the API Explorer? Or am I using the wrong token, since the error documentation refers to a 401 as "You did not use the proper API token and/or secret."?

What have you tried that worked?

I am able to grab an access token / authentication completes

What have you tried that didn't work?

Hitting Check-ins, Giving, Groups, Publishing, and Services endpoints without using the API Explorer provided in the developer API portal. For example, Check Ins uses this URL (https://api.planningcenteronline.com/check-ins/v2/check_ins), and while the API Explorer returns and shows data, when I attempt to hit the endpoint via Postman I get the 401 error provided above.

Additional context

I have..

seven1m commented 4 months ago

I bet there's a way to use OAuth with Postman, but I personally have never done it. If you are just testing stuff locally, using a Personal Access Token (scroll to the bottom of the page) would be much easier. Otherwise, you'd need to set up some server to handle the redirect of OAuth and then fetch the token.

seven1m commented 4 months ago

Oh, I should say that the API Explorer uses session authentication (based on your Planning Center session cookie), and there's no good way to mimic that with Postman. So using a Personal Access Token is probably the best!

ThaliaLaPommeray commented 4 months ago

Using the personal access token was the first route I went about trying before using OAuth & I could not hit any endpoint without getting an HTTP Basic: Access denied error. If it helps at all: Using Postman again lol, I have GET https://api.planningcenteronline.com/people/v2/app_id=(applicationID)&secret=(secret)

seven1m commented 4 months ago

Ahhh, for HTTP Basic auth using a Personal Access Token, you'll need to configure Postman like this:

Screenshot 2024-05-06 at 10 52 54 AM
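
The Personal Access Token request discussed above, as an added example that is not part of the thread or Planning Center's own code. It assumes the application ID is the HTTP Basic username and the secret is the password, builds the request without sending it, and refuses URLs that carry credentials; `PCO_APP_ID`, `PCO_SECRET` and the `errors` wrapper around the sample body are assumptions.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

API_ROOT = "https://api.planningcenteronline.com"  # host taken from the thread

def basic_auth_header(app_id: str, secret: str) -> str:
    """HTTP Basic value: base64("username:password"), here app ID and secret."""
    raw = f"{app_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def credentials_in_url(url: str) -> bool:
    """True if credentials were pasted into the URL, where logs and proxies record them."""
    parts = urlsplit(url)
    target = parts.path + "?" + parts.query
    return any(marker in target for marker in ("secret=", "app_id="))

def build_request(path: str, app_id: str, secret: str) -> urllib.request.Request:
    """Build (not send) a GET whose credentials travel only in the header."""
    url = API_ROOT + path
    if credentials_in_url(url):
        raise ValueError("credentials belong in the Authorization header, not the URL")
    headers = {"Authorization": basic_auth_header(app_id, secret)}
    return urllib.request.Request(url, headers=headers)

def error_codes(body: str) -> list:
    """Collect the 'code' fields from an error body like the 401 quoted in the thread."""
    return [err.get("code") for err in json.loads(body).get("errors", [])]

# Constructed sample: fields quoted in the thread, wrapped in an assumed "errors" list.
SAMPLE_401 = json.dumps({"errors": [{
    "code": "bad_scope", "status": "401",
    "title": "Request outside authenticated scope"}]})

if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment, not source.
    req = build_request("/check-ins/v2/check_ins",
                        os.environ.get("PCO_APP_ID", "example-app-id"),
                        os.environ.get("PCO_SECRET", "example-secret"))
    print(req.full_url, req.get_header("Authorization")[:10] + "...")
    print(error_codes(SAMPLE_401))
```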

ThaliaLaPommeray commented 4 months ago

Thank you so much for the screenshot, I got it working! For the app we're developing (currently this would be an iOS & Android app) would you suggest we use the personal access token as well to hit these endpoints? Should they work okay?

seven1m commented 4 months ago

No, I'm sorry. A Personal Access Token is like a password and would allow anyone who obtains that token to do anything on your behalf.

For a mobile app, you will need to get OAuth working. The mobile app has its client ID and secret and does the whole OAuth song-and-dance to allow an end-user to log in as themself. Then you get a token that allows the mobile app to interact with the API as if it were that user.

We have some information about how OAuth works here: https://developer.planning.center/docs/#/overview/authentication

I hope that helps get you started! Please let us know if you have more questions...