Api Error "You do not have access to this route."
I am having an issue trying to return the assignments assigned to a student. I am getting the following error;
{"errors":[{"message":"You do not have access to this route.","error_code":401,"error_name":"ServiceClientException","raw_message":"You do not have access to this route."}]}
For context I am first making a request to the endpoint below;
https://api.sky.blackbaud.com/school/v1/academics/student/{{STUDENT_ID}}/sections
We are then using the returned section_id to make requests to the endpoint below;
https://api.sky.blackbaud.com/school/v1/academics/sections/{{SECTION_ID}}/assignments
Docs;
https://developer.sky.blackbaud.com/api#api=school&operation=V1AcademicsSectionsBySection_idAssignmentsGet
This was working with out Development environment but in production we are having issues.
Thanks!
Comments
-
@Patrick Labes
It may be because the Sections for a student endpoint is for end users (e.g. students, parents, faculty) as opposed to admin users (e.g. Gradebook Manager). It has an additional security check to ensure the user calling the endpoint has the right to see data for the student passed in as the endpoint parameter. The use case is for a student or parent calling for their assignments from a mobile app, for instance. They only have access to their own classes. If someone is both a teacher and an admin user, then this endpoint would still work. But it will not work for just an admin user.The Academics student enrollment list is meant for admin users (i.e. Schedule Manager or Academic Group Manager).
0 -
@Stephen Boyle
Thanks for your response. Sorry I think I needed more context. We are making the request as the parent using their token.
We are making a request to school/v1/users/me to grab the users details and if the user is a parent, if they are a parent we make a request to the school/v1/users/{{STUDENT_ID}}/students endpoint and then we make the previous posts requestsIn the above case it should be fine right?
0 -
@Patrick Labes
You are correct. That is the scenario that would allow the user to call that endpoint.So for parents, we check to make sure they have a relationship with the student with Parental access or List as parent checked on. If your parent user has that, then I'd suggest you file a case with Support so we can dig in to it.
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 210 bbcon®
- 1.4K Blackbaud Altru®
- 395 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 360 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 649 Blackbaud Grantmaking™
- 567 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 937 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.5K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 247 ResearchPoint™
- 119 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 239 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 31 PowerUp Challenges
- 3 (Open) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 784 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)