× FreshBooks App Logo
FreshBooks
Official App
Free - Google Play
Get it
You're currently on our US site. Select your regional site here:
Back
Try It Free Login
Contact Us

Call Toll Free: 1.866.303.6061

1-888-674-3175

Try It Free Login
Login Try it Free
1.866.303.6061 1-888-674-3175 Contact Us Try It Free Login
Introduction Postman Collection Tools and Libraries Social Login
Authentication Scopes Identity Model
Search, Paging and Includes Active, Archived, and Deleted Errors Request Limits How to create your FreshBooks app listing
Tutorials Path 413 Created with Sketch.
Get Authenticated On The FreshBooks API How To Find The Right Scopes For Your App Getting Started with FreshBooks NodeJS SDK Receive Online Payments with Checkout API Enabling Online Payments On An Invoice Credit Card Tokenization
Bearer tokens replaced with JWT tokens
Clients Update Secondary Contacts Credits
Invoices Invoice Profiles Invoice Presentation and Attachments Payments Online Payments Other Income Taxes
Expenses Expense Categories Expense Attachments Bill Vendors (beta) Bills (beta) Bill Payments (beta)
Estimates
Time Entries
Services Projects
Team Members Staff
Reports
Journal Entries
Webhook Callbacks
Gateways Items Systems Tasks

How To Find The Right Scopes For Your App

If you created your FreshBooks OAuth app before October 2021, then youā€™ll need to make sure to modify and add scopes to it. If you’re wondering what scopes is, check out our documentation that has everything you need to know here.

There are two ways to find the scopes required for your application:

Reading the Documentation

Start with reading the dedicated scopes page or the individual API page for the APIs that are in use by your application. The main scopes page gives you a summary of the scopes available for the FreshBooks APIs, while on the individual API pages, we have specified the access requirements for that API call.

For example, you can see the access requirement for the Clients API on the Client API docs page.

The API Error Response

As of October 2021, we now report on missing scopes in API calls. When you make an API call with insufficient scopes, you will receive an HTTP error with status code 403, which will include a message containing two things:

1. The scopes you provided
2. The scopes needed for the API call 

To best prepare your app, we suggest creating a duplicate app from the developer portal and making API calls that your production app requires. Make a note of all the scopes you require to run your application. Once you have identified the scopes you require, go ahead and edit your application to include the scopes and test it again. When you have verified that you are able to make all the API calls needed to run your app, you can then edit your production app to include the necessary scopes. Keep in mind that youā€™ll need your appā€™s users to authorize your app once again.

Letā€™s look at an example of how to do this. As you see in the screenshot, we have an app named ā€˜Time Tracker – 24 Hourā€™ which has the ā€˜admin:all:legacyā€™ scope:

This app makes Get calls to the time entries, projects, clients, billable items, me endpoint. It also makes a Post call to the time entries endpoint. Letā€™s review what scopes this app will need to work smoothly.


To identify this, we have created a staging app named ā€˜Test- TT -24 hourā€™ with a single scope ā€˜user:profile:readā€™:

First, weā€™ll authorize the test app and generate a bearer token. Once we have the bearer token, we will make the API calls required by our app using postman. Below youā€™ll see an example where we made a time entries API call and got an error response with HTTP error code 403, which included a message naming the scope we are missing: ā€˜user:time_entries:readā€™.

Postman Get Time_Entries

After making all the API calls, we noted that the following scopes will be required by our app

user:time_entries:read
user:time_entries:write
user:projects:read
user:clients:read
user:billable_items:read

Weā€™ll have to add these scopes to our staging app, re-authorize, and get a new bearer token. Using the new bearer token, make the API calls once again to ensure you did not miss any scopes.

Now that weā€™ve tested out our scopes, weā€™ll add this to our production app ā€˜Time Tracker – 24 Hourā€™. The next step will be to provide the new authorization link to our app users, so that theyā€™re able to reauthorize the app.

Time Tracker - 24 Hour OAuth Dialog

Still have questions? Is something not working right? Donā€™t hesitate to reach out to us at api@freshbooks.com