Scopes

All OAuth 2.0 clients and access tokens have a scope. The scope constrains the endpoints to which a client has access, and whether a client has read or write access to an endpoint. Scopes are defined in the Merchant Center or with the API clients endpoint for a single project when creating an API client. Once you create an API client, you cannot redefine the scopes.

When creating a client or requesting an access token, specify only the scopes your application needs. When requesting an OAuth 2.0 access token, the scope parameter may be omitted. If you do not provide a scope, the access token is granted all the scopes defined for the API client.

manage_project:{projectKey}

Grants full access to all the APIs for the project, with the exception of the API clients endpoints. For production use, do not use manage_project. Instead, create an API client and specify only the scopes your application needs. An API client using the manage_project scope cannot request a token with fewer scopes.

manage_products:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing products in a project. Implies the view_products scope.

view_products:{projectKey}

Grants access to all the APIs related to viewing products in a project.

manage_categories:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing categories in a project. Implies the view_categories scope.

view_categories:{projectKey}

Grants access to all the APIs related to viewing categories in a project.

view_published_products:{projectKey}

Grants access to all the APIs related to viewing published Product Projections in a project.

manage_orders:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing orders, carts, and shipping in a project. Implies the view_orders scope.

manage_orders:{projectKey}:{storeKey}

Grants access to create, modify, and view all orders and carts for a store in a project. {storeKey} is the key field of a store. Implies the view_orders:{projectKey}:{storeKey} scope. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_my_orders:{projectKey}

When used as a scope in the password flow, grants access to all the APIs related to creating, modifying, and viewing orders and carts of the customer account in a project.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

manage_my_orders:{projectKey}:{storeKey}

When used as a scope in the password flow, grants access to all the APIs related to creating, modifying, and viewing orders and carts of the customer account in a specific store for a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

view_orders:{projectKey}

Grants access to view all orders for a store in a project.

view_orders:{projectKey}:{storeKey}

Grants access to all orders and carts for a specific store in a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_shopping_lists:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing shopping lists in a project. Implies the view_shopping_lists scope.

manage_my_shopping_lists:{projectKey}

When used as a scope in the password flow, grants access to APIs for creating, modifying, and viewing shopping lists of the customer to whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access to the shopping lists of an anonymousId.

view_shopping_lists:{projectKey}

Grants access to all the APIs related to viewing shopping lists in a project.

manage_customers:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing customers in a project. Implies the view_customers scope.

manage_customers:{projectKey}:{storeKey}

Grants access to all the APIs related to creating, modifying, and viewing customers in a specific store for a project. {storeKey} is the key field of a store.

view_customers:{projectKey}

Grants access to all the APIs related to viewing customers in a project.

view_customers:{projectKey}:{storeKey}

Grants access to all the APIs related to viewing customers in a specific store for a project. {storeKey} is the key field of a store.

manage_my_profile:{projectKey}

When used as a scope in the password flow, grants access to the APIs for creating, modifying, and viewing the profile of a specific customer for whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access to sign up and sign in.

manage_my_profile:{projectKey}:{storeKey}

When used as a scope in the password flow, grants access to the APIs for creating, modifying, and viewing the profile of a specific customer in a specific store for a project. {storeKey} is the key field of a store. When used as a scope to generate an access token for an anonymous session, grants access to sign up in a store and sign in to a store.

manage_types:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing types in a project. Implies the view_types scope.

view_types:{projectKey}

Grants access to all the APIs related to viewing types in a project.

manage_payments:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing payments in a project.

manage_my_payments:{projectKey}

When used as a scope in the password flow, grants access to the APIs for creating, modifying, and viewing payments of the customer for whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access to the payments of the anonymousId for which the access token was issued.

view_payments:{projectKey}

Grants access to all the APIs related to viewing payments in a project.

create_anonymous_token:{projectKey}

Grants access to access tokens for Anonymous Sessions.

manage_subscriptions:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing subscriptions in a project.

manage_extensions:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing API extensions in a project.

manage_key_value_documents:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing Custom Objects in a project.

view_key_value_documents:{projectKey}

Grants access to all the APIs related to viewing Custom Objects in a project.

manage_project_settings:{projectKey}

Grants access to all the APIs related to modifying and viewing project settings in a project.

view_project_settings:{projectKey}

Grants access to all the APIs related to viewing project settings.

manage_states:{projectKey}

Grants access to all the APIs related to creating, modifying, and viewing states in a project.

view_states:{projectKey}

Grants access to all the APIs related to viewing states in a project.

view_messages:{projectKey}

Grants access to all the APIs related to viewing messages in a project.

manage_api_clients:{projectKey}

Grants access to the APIs for creating, deleting, and viewing API clients.

view_api_clients:{projectKey}

Grants access to the APIs for viewing API clients.

manage_stores:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Stores.

view_stores:{projectKey}

Grants access to the APIs for viewing Stores.

manage_discount_codes:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Discount Codes.

view_discount_codes:{projectKey}

Grants access to the APIs for viewing Discount Codes.

manage_shipping_methods:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Shipping Methods.

view_shipping_methods:{projectKey}

Grants access to the APIs for viewing Shipping Methods.

manage_tax_categories:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Tax Categories.

view_tax_categories:{projectKey}

Grants access to the APIs for viewing Tax Categories.

manage_customer_groups:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Customer Groups.

view_customer_groups:{projectKey}

Grants access to the APIs for viewing Customer Groups.

manage_cart_discounts:{projectKey}

Grants access to all the APIs for creating, deleting, and viewing Cart Discounts.

view_cart_discounts:{projectKey}

Grants access to the APIs for viewing Cart Discounts.

introspect_oauth_tokens:{projectKey}

Grants access to introspect tokens issued to other clients.

customer_id:{id}

Grants access to the customer with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when using the password flow.

anonymous_id:{id}

Grants access to the anonymous session with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when requesting an access token for an anonymous session.
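
The guidance to specify only the scopes your application needs can be checked mechanically before an API client is created. The following Python code is an added example, not commercetools code: it compares an API client's scopes with the scopes an application actually uses, applying only the "Implies" relations and the manage_project rules stated on this page. The names Scope, parse_scope, implied and audit and the project key shop are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# "Implies" relations exactly as this page states them; nothing else is assumed.
PROJECT_IMPLIES = {f"manage_{r}": f"view_{r}" for r in (
    "products", "categories", "orders", "shopping_lists", "customers", "types")}
STORE_IMPLIES = {"manage_orders": "view_orders"}  # only store-level pair stated

class Scope(NamedTuple):
    permission: str
    project: str
    store: Optional[str] = None
    def __str__(self):
        return ":".join(part for part in self if part)

def parse_scope(raw):
    parts = raw.split(":")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed scope: {raw!r}")
    return Scope(*parts)

def implied(scope):
    """Return the view_* scope this scope implies per the page, or None."""
    view = (STORE_IMPLIES if scope.store else PROJECT_IMPLIES).get(scope.permission)
    return scope._replace(permission=view) if view else None

def audit(client_scopes, needed, token_scope=None):
    """client_scopes/token_scope: space-separated strings; needed: iterable."""
    granted = [parse_scope(s) for s in client_scopes.split()]
    need = {parse_scope(s) for s in needed}
    covered = set(granted) | {implied(g) for g in granted}
    full = {g.project for g in granted if g.permission == "manage_project"}
    findings = []
    for g in granted:
        if g.permission == "manage_project":
            findings.append(f"{g}: full project access, not for production use")
        elif g not in need and implied(g) in need:
            findings.append(f"{g}: broader than needed, {implied(g)} suffices")
        elif g not in need:
            findings.append(f"{g}: not needed")
    for n in sorted(need - covered, key=str):
        # manage_project covers everything except the API clients endpoints
        if n.project not in full or n.permission.endswith("_api_clients"):
            findings.append(f"{n}: needed but not granted")
    if token_scope is None:
        findings.append(f"scope omitted: token gets all {len(granted)} client scopes")
    else:
        findings += [f"{t}: in token request but not needed"
                     for t in token_scope.split() if parse_scope(t) not in need]
    return findings
```

An empty list from audit means the client's scopes match the application's needs and the token request names its scopes explicitly.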