Token Scopes
A token's scope defines which actions it can take. Some applications may only need read access while others will want to write to user data. Users will be shown the scopes that your application is requesting before they approve the request. You can learn more about how to request scopes in the OAuth Grant Flow docs.
List of Scopes
Scope | Description |
---|---|
read | Read access to user data. |
write | Write access to user data. |
Token Scope Format
A token's scope is most often represented with a space-delimited lowercase string. For example, after generating a token, the server might respond with a scope of "read write".
When requesting scopes as part of one of the OAuth grant flows, format it as a space-delimited string. For example, to request the read and write scope, your encoded URL would look like: "?scope=read%20write".
Scopes are limited to the Application's scope
An application also has a scope which defines the maximum permissions it's allowed to request from users.