First time Postman user here… trying to get an Access Token and refresh token for Blackbaud
I am using a POST option with a /token call
my params are blank
in the “Authorize” section:
Header Prefix is "Bearer"
Token Name is "Access"
Grant Type = "client_Credentials"
ClientID is filled in
Client Secret is filled in
Scope is empty ... no sure what this is supposed to be
This the response i receive:
error is “Invalid_Scope”
“The Scope_Parameter was not included in the request”
Hey @tthornhill1980 
Welcome to the Postman Community! 
You can find more information about scopes here. They are used to limit an application’s access to a user’s account. Different APIs use these in different ways, the link above will show you references to how other companies use these for their APIs.
Can you share the link to the Public documentation that you’re using please? This might help get you closer to a specific answer, for the API your using.
Scope is normally used by “OAuth 2.0” password or authorization code flows (which usually involve user logins).
I use the password grant type to authenticate against Microsoft and the scope is setup to “OpenID email” for example.
It’s not usually needed for client_credentials because the trust is already there. (As the application is requesting access).
If this is the API in question. It doesn’t have any example requests with what they need in the scope.
It also seems to recommend the “authorisation code” grant type so I do wonder if this is the correct API!
The documentation does have a scope area, but I don’t think that is related to the OAuth authorisation flow, but the application permissions.
It would seem that they have their own forums, so this might be better to pose this question there as well.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.