Api Error "You do not have access to this route."

Patrick Labes
Patrick Labes
Name Dropper First Anniversary Facilitator 1 December 2023 Challenge: Season of Giving
in Education Management APIs

I am having an issue trying to return the assignments assigned to a student. I am getting the following error;

{"errors":[{"message":"You do not have access to this route.","error_code":401,"error_name":"ServiceClientException","raw_message":"You do not have access to this route."}]}

For context I am first making a request to the endpoint below;
https://api.sky.blackbaud.com/school/v1/academics/student/{{STUDENT_ID}}/sections

Docs;
https://developer.sky.blackbaud.com/docs/services/school/operations/V1AcademicsStudentByStudent_idSectionsGet

We are then using the returned section_id to make requests to the endpoint below;
https://api.sky.blackbaud.com/school/v1/academics/sections/{{SECTION_ID}}/assignments

Docs;
https://developer.sky.blackbaud.com/api#api=school&operation=V1AcademicsSectionsBySection_idAssignmentsGet

This was working with out Development environment but in production we are having issues.

Thanks!

Comments

  • Stephen Boyle
    Stephen Boyle Blackbaud Employee
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    @Patrick Labes
    It may be because the Sections for a student endpoint is for end users (e.g. students, parents, faculty) as opposed to admin users (e.g. Gradebook Manager). It has an additional security check to ensure the user calling the endpoint has the right to see data for the student passed in as the endpoint parameter. The use case is for a student or parent calling for their assignments from a mobile app, for instance. They only have access to their own classes. If someone is both a teacher and an admin user, then this endpoint would still work. But it will not work for just an admin user.

    The Academics student enrollment list is meant for admin users (i.e. Schedule Manager or Academic Group Manager).

  • Patrick Labes
    Patrick Labes
    Name Dropper First Anniversary Facilitator 1 December 2023 Challenge: Season of Giving

    @Stephen Boyle
    Thanks for your response. Sorry I think I needed more context. We are making the request as the parent using their token.
    We are making a request to school/v1/users/me to grab the users details and if the user is a parent, if they are a parent we make a request to the school/v1/users/{{STUDENT_ID}}/students endpoint and then we make the previous posts requests

    In the above case it should be fine right?

  • Stephen Boyle
    Stephen Boyle Blackbaud Employee
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    @Patrick Labes
    You are correct. That is the scenario that would allow the user to call that endpoint.

    So for parents, we check to make sure they have a relationship with the student with Parental access or List as parent checked on. If your parent user has that, then I'd suggest you file a case with Support so we can dig in to it.

Categories