inChurch
Getting Started

Authentication

The InChurch API uses basicAuthentication with API Key and Secret to secure all requests. This guide explains how to create API clients, manage credentials, and authenticate your requests.

API Client Management

Creating an API Client

  1. Access your InChurch admin panel
  2. Go to the (API Module]((https://admin.inchurch.com.br/api/clientes)) (requires admin privileges)
  3. Navigate to API → API Clients
  4. Click "Create"
  5. Fill in the client details:
    • Name: Descriptive name (e.g., "Mobile App", "N8N Integration")
    • Scope: Choose denomination, regional, or local access
    • Permissions: Select resource and action scopes . Copy and save the API Key and API Secret ()

API Client Scopes

Every API client must have a unique scope level:

ScopeDescriptionAccess Level
DenominationFull access across all churches in the denominationHighest
RegionalAccess to churches within a specific regionMedium
LocalAccess to a single local churchLowest

Permission System

Permissions follow the format <resource>:<method> where methods include:

  • GET - Retrieve or view data
  • POST - Create new data
  • PATCH - Update existing data
  • DELETE - Remove data

Examples:

  • people:GET - Retrieve member information
  • donations:POST - Create new donations
  • donations:PATCH - Update existing donations
  • events:DELETE - Delete events

Important

If no specific scopes are defined, the API client will have access to all actions on all endpoints within its scope level.

API Credentials

API Key & Secret

When you create an API client, you'll receive:

  • API Key: Public identifier (immutable, safe to log)
  • API Secret: Private key (shown only once, never stored in plaintext)

Never share your API Secret!

It's displayed only once during creation. If compromised, immediately revoke and regenerate it through the admin panel. Also, never share the Base64 encoded credentials as they provide direct API access.

Credential Storage

Store your credentials securely:

TerminalCode
 
# Environment variables (recommended)
INCHURCH_API_KEY=your_api_key_here
INCHURCH_API_SECRET=your_api_secret_here

Making Authenticated Requests

Required Headers

Include these headers in all API requests:

Code
 
Authorization: Basic {BASE64_ENCODED_CREDENTIALS}
Content-Type: application/json
X-API-Version: v1

Where {BASE64_ENCODED_CREDENTIALS} is the Base64 encoding of your API Key and API Secret joined with a colon (API_KEY:API_SECRET).

Request Examples

TerminalCode
 
# First, encode your credentials
CREDENTIALS=$(echo -n "your_api_key:your_api_secret" | base64)

# Then use the encoded credentials in your request
curl -X GET "https://inradar.com.br/public/v1/people/" \
  -H "Authorization: Basic $CREDENTIALS" \
  -H "Content-Type: application/json" \
JavascriptCode
 
const apiKey = process.env.INCHURCH_API_KEY;
const apiSecret = process.env.INCHURCH_API_SECRET;

// Create Base64 encoded credentials
const credentials = Buffer.from(`${apiKey}:${apiSecret}`).toString('base64');

const response = await fetch('https://inradar.com.br/public/v1/people/', {
  method: 'GET',
  headers: {
    'Authorization': `Basic ${credentials}`,
    'Content-Type': 'application/json',
    'X-API-Version': 'v1'
  }
});

const data = await response.json();
Code
 
import os
import requests
import base64

api_key = os.getenv('INCHURCH_API_KEY')
api_secret = os.getenv('INCHURCH_API_SECRET')

# Create Base64 encoded credentials
credentials = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()

headers = {
    'Authorization': f'Basic {credentials}',
    'Content-Type': 'application/json',
    'X-API-Version': 'v1'
}

response = requests.get(
    'https://inradar.com.br/public/v1/people/',
    headers=headers
)

data = response.json()
PHPCode
 
<?php
$apiKey = getenv('INCHURCH_API_KEY');
$apiSecret = getenv('INCHURCH_API_SECRET');

// Create Base64 encoded credentials
$credentials = base64_encode($apiKey . ':' . $apiSecret);

$headers = [
    'Authorization: Basic ' . $credentials,
    'Content-Type: application/json',
    'X-API-Version: v1'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://inradar.com.br/public/v1/people/');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
$data = json_decode($response, true);
curl_close($ch);
?>

Authentication Errors

Common Error Responses

Status CodeErrorDescription
401UNAUTHORIZEDMissing or invalid credentials
403FORBIDDENValid credentials but insufficient permissions
429RATE_LIMITEDToo many requests (see Rate Limits)

Example Error Response

JSONCode
 
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API credentials",
    "details": {
      "reason": "API secret does not match"
    }
  }
}

Best Practices

Security

  • ✅ Store credentials in environment variables
  • ✅ Use HTTPS for all requests
  • ✅ Rotate API secrets regularly
  • ✅ Monitor API usage logs
  • ❌ Never commit credentials to version control
  • ❌ Don't share API secrets via email or chat

Performance

  • ✅ Reuse connections when possible
  • ✅ Implement proper error handling and retries
  • ✅ Respect rate limits
  • ✅ Cache responses when appropriate

Troubleshooting

Testing Your Credentials

Use this simple test to verify your authentication:

TerminalCode
 
# Encode your credentials
CREDENTIALS=$(echo -n "YOUR_API_KEY:YOUR_API_SECRET" | base64)

curl -X GET "https://inradar.com.br/public/v1/people?limit=1" \
  -H "Authorization: Basic $CREDENTIALS" \
  -H "Content-Type: application/json" \
  -H "X-API-Version: v1"

Common Issues

  1. 401 Unauthorized: Check your API key and secret, and ensure they're properly Base64 encoded
  2. 403 Forbidden: Verify your client has the required permissions
  3. Invalid scope: Ensure you're accessing resources within your scope level
Last modified on
OverviewPagination