Skip to content
Login
  • There are no suggestions because the search field is empty.

Quick Start: Testing the ScopeStack API

This guide gets you from zero to a working API token in under 5 minutes.

Before You Start

⚠️ Common Mistake: If you're using Postman and see "Password Credentials" as a grant type option, do not select it. This causes an error. Use one of the two methods below instead.

Which Method Should I Use?

I want to explore the API interactively

I want to test how my automation will connect

Use Method A: Browser Login

Use Method B: Direct POST

A browser window opens, you log into ScopeStack, and the token is returned automatically.

You send credentials directly—no browser, no redirect. This mimics how Workato and other automation platforms connect.

Both methods give you the same result: an access token you can use to make API calls. Pick the one that fits your situation.

Method A: Browser Login (Authorization Code Flow)

This is the easiest way to get a token when you're sitting at your computer testing things out.

What You Need

  • Your Client ID and Client Secret (contact ScopeStack support if you don't have these)
  • A ScopeStack user account you can log into

Steps

  1. In Postman, go to the Authorization tab of your request or collection
  2. Set Auth Type to OAuth 2.0
  3. Configure these settings:
    • Grant Type: Authorization Code
    • Callback URL: Provided by the application
    • Auth URL: https://app.scopestack.io/oauth/authorize
    • Access Token URL: https://app.scopestack.io/oauth/token
    • Client ID: Your client ID
    • Client Secret: Your client secret
    • Scope: read write
  4. Click Get New Access Token
  5. A browser window opens—log into ScopeStack (including SSO/MFA if your account requires it)
  6. After login, Postman receives the token automatically
  7. Click Use Token

That's it. Your requests will now include the access token in the Authorization header.

Method B: Direct POST (Resource Owner Password Grant)

Use this method to test the exact flow your automation platform will use. No browser, no redirect—just a direct exchange of credentials for a token.

What You Need

  • Your Client ID and Client Secret
  • A service account username and password (see the Building Integrations guide for setup)

Steps

  1. Create a new POST request
  2. Set the URL to: https://app.scopestack.io/oauth/token
  3. Go to the Authorization tab and set it to No Auth
  4. Go to the Body tab
  5. Select x-www-form-urlencoded
  6. Add these key-value pairs and click Send

Key

Value

grant_type

password

client_id

Your client ID

client_secret

Your client secret

username

Your service account email

password

Your service account password

You'll get a JSON response with your access_token and refresh_token. Copy the access_token to use in your API requests.

Verify It Worked

Make a test call to confirm your token is working and you're connected to the right account:

  1. Create a GET request to: https://api.scopestack.io/v1/me
  2. Add these headers:
    • Authorization: Bearer {your_access_token}
    • Accept: application/vnd.api+json
  3. Click Send

You should see a 200 OK response with your user information, including the account-slug and account-id you'll need for other API calls.

Something Went Wrong?

Error

What to Do

invalid_grant with "redirect URI" message

You probably selected "Password Credentials" in Postman's OAuth helper. Use Method B (direct POST) instead, or switch to Authorization Code for Method A.

401 Unauthorized

Check that your access token is included in the Authorization header and hasn't expired.

403 Forbidden

Your token works, but your user doesn't have permission for that action. Check your user's role in ScopeStack.

Missing Accept header error

Add the header: Accept: application/vnd.api+json

For more detailed troubleshooting, see the Troubleshooting API Authentication guide.