API Check-in Automation - 403 Forbidden on Shift Endpoints

I’m testing the API to automate the check-in of working hours for the current day. Could you clarify the difference between:
• /resources/shift_management/shifts
• /resources/attendance/shifts

I’m using an employee token from my OAuth App, but I’m getting a 403 Forbidden response on both endpoints.

Shouldn’t my token have the necessary permissions for this action, considering that I can manually check in via the dashboard?