Introduction to request scopes

A scope is used to convey what permissions your application requires when requesting permission from the end-user. Once an access token is issued you cannot change the scope without recreating another grant request because the end-user has only permitted your application access within the bounds of the scope. You should see the scope as an agreement between your application and the end-user. The scope is presented to the end-user on grant request, and only if they agree to provide access will you receive the credentials required to subsequently acquire access.

Syntax

A scope's format is very similar to the _fields parameter. It may contain up to two parent keys (operations): read or write, and within defines the resources permitted with the operation.

Current available scopes are:

read(all) - Read only access to all data the user owns or has access to including personal information, and
write(all) - Read and write access to all data the user owns or has access to including personal information.
read({resource}) - Read only access to data related to the {resource} object.
write({resource}) - Read and write access to data related to the {resource} object.

Scope resources can be any of our endpoints. The scope can be concatenated and delimited by a comma. For example:

read(all),write(companies,contacts) - read all information and write to only companies and contacts.
write(contacts,issues) - Read and write access to contact and issue data.