All OAuth 2.0 clients and access tokens have a scope that restricts the clients' access to the endpoints. Depending on the scope granted, a client can have read or write access to an endpoint.
You can define scopes when creating an API Client using the Merchant Center or through the API Clients API. When creating a client or requesting an access token, only provide scopes required by your application. If you do not provide a scope, the access token is granted to all the scopes defined for the API Client. When requesting an OAuth 2.0 access token, the scope parameter can be omitted.
Available Scopes
Checkout Sessions
view_sessions:{projectKey}: grants permission to read a Checkout Session information to interact with Checkout; for example, it is required for Connectors to interact with Checkout.manage_sessions:{projectKey}: grants permission to create a Checkout Session using the Session API.
Applications BETA
view_checkout_applications:{projectKey}: grants permission to view Applications belonging to a Project.manage_checkout_applications:{projectKey}: grants permission to view, create, update, and delete Applications belonging to a Project.
Payment Integrations BETA
view_checkout_payment_integrations:{projectKey}: grants permission to view Payment Integrations integrated into a checkout application.manage_checkout_payment_integrations:{projectKey}: grants permission to view, create, update, and delete Payment Integrations integrated into a checkout application.
Payment Intents BETA
manage_checkout_payment_intents:{projectKey}: grants permission to capture, refund, reverse, or cancel payments made through a payment service provider (PSP) or a gift card service provider.
Transactions BETA
view_checkout_transactions:{projectKey}: grants permission to view Transactions created during payment processing with checkout.manage_checkout_transactions:{projectKey}: grants permission to create Transactions during payment processing with checkout.