Scope

A scope (list of permissions) is the set of actions that an integration can perform on behalf of the user via the OAuth protocol.

Permissions are divided into two groups:

  1. Access to account data according to user rights. All API methods are accessible, except methods that work with the Notification Center.
  2. Notification Center

An integration can be installed only by administrators, but it can be authorized by different users. For that reason, its access to data is limited by the permissions and rights of the user who authorized it.

The account administrator can revoke access from any installed integration for any user. This is done in the integration section, in the modal integration window. A user can revoke only the access that they granted in their profile. Once access has been revoked, you will need to ask for the account administrators’ and the users’ permission again.


Note: A notification about the revoked access will be sent to the webhook (Access revoked notification webhook) specified when creating the integration.

If you change the permissions that your integration asks for, you should ask users who have already enabled it to grant access again.

Example:

When creating an integration, you didn’t choose access to the Notification Center, and users already gave your integration limited scope access. After that, you edited the scope in the integration settings to request full rights. Users who granted the limited scope will continue to work within that limited scope. To obtain the new scope from the same users, you will need to ask for their permission again.
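
The bookkeeping this implies on the integration side, as an added example (not code from the platform or its API): each grant is stored with the scope the user consented to, calls are gated on that stored scope, and the access-revoked webhook handler deletes the stored tokens. The scope labels, the `GrantStore` class and its method names are hypothetical, and the webhook payload format is not shown on this page, so the handler takes the already-parsed account and user ids.

```python
from dataclasses import dataclass, field

# Hypothetical labels for the page's two permission groups (not official scope names).
ACCOUNT_DATA = "account_data"
NOTIFICATION_CENTER = "notification_center"


@dataclass
class Grant:
    """What one user authorized, frozen at the moment of consent."""
    scope: frozenset
    refresh_token: str


@dataclass
class GrantStore:
    requested_scope: frozenset                  # what the integration asks for now
    grants: dict = field(default_factory=dict)  # (account_id, user_id) -> Grant

    def record(self, account_id, user_id, refresh_token):
        # A new grant carries the scope requested when the user consented.
        self.grants[(account_id, user_id)] = Grant(self.requested_scope, refresh_token)

    def change_requested_scope(self, new_scope):
        # Editing the integration settings does not touch existing grants.
        self.requested_scope = frozenset(new_scope)

    def allowed(self, account_id, user_id, permission):
        # Gate each call on the scope the user granted, not on current settings.
        grant = self.grants.get((account_id, user_id))
        return grant is not None and permission in grant.scope

    def needs_reauthorization(self):
        # Users whose stored grant lacks something the integration now requests.
        return sorted(key for key, grant in self.grants.items()
                      if not self.requested_scope <= grant.scope)

    def on_access_revoked(self, account_id, user_id):
        # Call from the access-revoked webhook handler: drop the stored tokens
        # so no further requests are attempted for this user.
        return self.grants.pop((account_id, user_id), None) is not None
```
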