Common API errors
Most Plutio API errors come from authentication, missing workspace headers, disabled workspace access, permissions, or webhook configuration. Start with the exact response code and message, then check the token, the business header, and the API client configuration.
Quick checklist
Check the token, workspace header, and client workspace access before changing integration code. The same token can authenticate correctly but still fail if the request points at the wrong workspace.
- Confirm the request uses Authorization: Bearer ACCESS_TOKEN.
- Confirm the request includes business: YOUR_PLUTIO_SUBDOMAIN.
- Confirm the subdomain matches a workspace enabled for that API client.
- Confirm the token has not expired. Tokens are valid for 72 hours.
- Confirm the user behind the API client has permission to perform the action.
Business undefined is not enabled for this client
This error means the business header is missing or empty. Plutio checks the workspace subdomain from the request header after the OAuth token is accepted. If the header is missing, the response can read {"code":400,"message":"Business undefined is not enabled for this client."}.
Add a business header with the first part of the workspace domain. For https://the-ceramic-school.plutio.com, send business: the-ceramic-school.
Business is not enabled for this client
This error means the token is valid, but the API client is not enabled for the workspace in the business header. The API client stores the workspaces it can access. Plutio compares that list with the header value on every API request.
Open the API client in Settings > API manager, check the workspaces selected for the client, and either enable the target workspace or send the correct subdomain in the request header.
403 forbidden
A 403 response means the authenticated user is not allowed to perform that action. The API client can authenticate, but the user or role behind the client cannot create, edit, remove, or view the requested entity.
Check the workspace role, entity permissions, and whether the endpoint is available for that entity type.
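The checklist and the error responses above, combined into a small diagnostic helper. This is an added example, not Plutio code: the function names are hypothetical, the caller is assumed to record when the token was issued, and the second error message is assumed to follow the heading above with the subdomain inserted.

```python
import json
from datetime import timedelta
from urllib.parse import urlparse

TOKEN_LIFETIME = timedelta(hours=72)  # token validity stated on this page


def business_from_url(workspace_url):
    """Return the first label of the workspace host: the business header value."""
    host = urlparse(workspace_url).hostname or ""
    return host.split(".")[0]


def preflight(headers, token_issued_at, now):
    """List the checklist items a request fails before it is sent."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    problems = []
    auth = h.get("authorization", "")
    if not auth.startswith("Bearer ") or not auth[len("Bearer "):].strip():
        problems.append("Authorization header is not 'Bearer ACCESS_TOKEN'")
    if not h.get("business", "").strip():
        problems.append("business header is missing or empty")
    # token_issued_at is an assumption: the caller stored it when the token was obtained
    if now - token_issued_at >= TOKEN_LIFETIME:
        problems.append("token is older than 72 hours")
    return problems


def diagnose(status, body):
    """Map an error response to the cause described on this page."""
    try:
        message = str(json.loads(body).get("message", ""))
    except (ValueError, AttributeError):  # empty, non-JSON or non-object body
        message = ""
    if "Business undefined is not enabled" in message:
        return "business header missing or empty"
    if "is not enabled for this client" in message:  # assumed wording, see lead-in
        return "API client not enabled for the workspace in the business header"
    if status == 403:
        return "user behind the API client lacks permission for this action"
    return "not covered here: recheck token and API client configuration"
```

Run preflight before sending and diagnose on any non-2xx response, so a wrong-workspace request is not mistaken for a bad token.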
Webhook event methods do not create read-only API access
The method list on an API client controls outbound webhook events, not API endpoint permissions. Selecting or unselecting methods changes which events are sent to webhook URLs. It does not make the REST API read-only, and it does not block API calls to endpoints.
Plutio does not currently offer per-client read-only REST API access. The workspace selector limits which workspaces the client can be used with, not which API endpoints are read-only.