Getting Started with the Dynamic Planner Open API

Welcome to the Dynamic Planner Open API. This guide gives you the essentials to start integrating with our platform quickly and securely.

3. Core Concepts

  • Clients & Relationships: People and their relationships (including Self-Relationships).

  • Organisation Units (OUs): Determine data visibility and access.

  • Entity Visibility: If you can’t see data, check OU hierarchy.

More info: https://open.dynamicplanner.com/docs/ConceptsLorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Authentication Overview

To access the Dynamic Planner API securely, developers must authenticate using one of the supported methods. This section outlines the available authentication mechanisms and how to implement them.

OAuth 2.0 Authorization Code Flow

The Authorization Code Flow is designed for applications that need to access the Dynamic Planner API on behalf of a user, such as web or mobile apps. This flow ensures secure delegated access using short-lived tokens.

Overview

This flow involves:

  1. Redirecting the user to Dynamic Planner's authorization server.

  2. Receiving an authorization code.

  3. Exchanging the code for an access token.

  4. Using the access token to call the API.

Credentials Provided by Dynamic Planner

When you register your application in the Dynamic Planner Developer Portal, you will be issued:

  • Client ID – A public identifier for your application.

  • Client Secret – A confidential key used to authenticate your app.

⚠️ Important Security Notice


Your client_id and client_secret must be stored securely.

Never expose these credentials in public repositories, client-side code, or share them externally.

Treat them as sensitive credentials and rotate them periodically if needed.

Step-by-Step Guide

1. Redirect User to Authorization Endpoint

GET https://auth.dynamicplanner.com/oauth2/authorize

Required query parameters:

  • response_type=code

  • client_id=YOUR_CLIENT_ID

  • redirect_uri=YOUR_REDIRECT_URI

  • scope=YOUR_SCOPE

  • state=RANDOM_STRING (recommended for CSRF protection)

Example:

GET https://auth.dynamicplanner.com/oauth2/authorize?   response_type=code&   client_id=abc123&   redirect_uri=https://yourapp.com/callback&   scope=read:plans write:plans&   state=xyz456

2. Handle Redirect with Authorization Code

After user consent, they’ll be redirected to your redirect_uri with a code:

https://yourapp.com/callback?code=AUTH_CODE&state=xyz456

3. Exchange Code for Access Token

POST https://auth.dynamicplanner.com/oauth2/token

Headers:

Content-Type: application/x-www-form-urlencoded

Body:

grant_type=authorization_code code=AUTH_CODE redirect_uri=YOUR_REDIRECT_URI client_id=YOUR_CLIENT_ID client_secret=YOUR_CLIENT_SECRET

4. Use Access Token

Include the token in your API requests:

Authorization: Bearer ACCESS_TOKEN

Token Refresh

Access tokens are short-lived. To maintain access without requiring the user to re-authenticate, use the refresh token to obtain a new access token.

POST https://auth.dynamicplanner.com/oauth2/token

Body:

grant_type=refresh_token refresh_token=YOUR_REFRESH_TOKEN client_id=YOUR_CLIENT_ID client_secret=YOUR_CLIENT_SECRET

The response will include a new access token and possibly a new refresh token.

Scope Keys

Scopes define what access your app is requesting. Examples include:

  • read:plans

  • write:plans

  • read:clients

Ensure the scopes are registered with your app and match what’s requested during authorization.

Notes

  • Tokens are short-lived and may require refreshing.

  • Always validate the state parameter to prevent CSRF attacks.

  • Ensure your redirect_uri is registered and matches exactly.

For more details, refer to the https://open.dynamicplanner.com.

️ OAuth 2.0 Client Credentials Flow

The Client Credentials Flow is used for server-to-server integrations where no user interaction is required.

Overview

This flow allows your application to authenticate directly with the authorization server and obtain an access token.

Step-by-Step Guide

1. Request Access Token

POST https://auth.dynamicplanner.com/oauth2/token

Headers:

Content-Type: application/x-www-form-urlencoded

Body:

grant_type=client_credentials client_id=YOUR_CLIENT_ID client_secret=YOUR_CLIENT_SECRET scope=YOUR_SCOPE

2. Use Access Token

Include the token in your API requests:

Authorization: Bearer ACCESS_TOKEN

Scope Keys

Scopes define the level of access granted to the token. Examples:

  • read:plans

  • write:plans

  • read:clients

Ensure the scopes are configured correctly for your application in the Developer Portal.

Notes

  • This flow is ideal for background services and daemons.

  • No refresh token is issued in this flow.

  • Tokens are short-lived and must be re-requested when expired.

1. Authentication & Authorisation

  • Subscription Key: Required on every request in the header:
    Ocp-Apim-Subscription-Key: {your-key}

  • OAuth 2.0 Access Token: Obtain a token from our Identity Server using the agreed flow (e.g., Client Credentials, Auth Code + PKCE).

  • Headers:

    Authorization: Bearer {ACCESS_TOKEN} Ocp-Apim-Subscription-Key: {OCP_APIM_KEY}

  • Some CRM endpoints also require a scopeKey.

2. Base URLs

  • CRM: https://open-api.dynamicplanner.com/crm/v1

  • Finances: https://open-api.dynamicplanner.com/finances/v1

  • Profiling: Appears under /profiling/v1 when enabled.

Explore endpoints in https://open.dynamicplanner.com/swagger-ui/.