Scopes

All OAuth 2.0 clients and access tokens have a scope. The scope constrains the endpoints to which a client has access, and whether a client has read or write access to an endpoint. Scopes are defined in the Merchant Center or with the API clients endpoint for a single project when creating an API client. Once you create an API client, you cannot redefine the scopes.

When creating a client or requesting an access token, specify only the scopes your application needs. When requesting an OAuth 2.0 access token, the scope parameter may be omitted. If you do not provide a scope, the access token is granted all the scopes defined for the API client.

manage_project:{projectKey}
Grants full access to the all APIs for the project, with the exception of the API clients endpoints. For production use, do not use manage_project. Instead, create an API client and specify only scopes your application needs. An API client using the manage_project scope cannot request a token with less scopes.

manage_products:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing products in a project. Implies the view_products scope.

view_products:{projectKey}
Grants access to all the APIs related to viewing products in a project.

manage_orders:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing orders, carts, shipping in a project. Implies the view_orders scope.

manage_orders:{projectKey}:{storeKey}
Grants access to create, modify and view all orders and carts for a store in a project. {storeKey} is the key field of a store. Implies the view_orders:{projectKey}:{storeKey} scope. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_my_orders:{projectKey} When used as a scope in the password flow, grants access to all the APIs related to creating, modifying and viewing orders and carts of the customer account in a project.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

manage_my_orders:{projectKey}:{storeKey} When used as a scope in the password flow, grants access to all the APIs related to creating, modifying and viewing orders and carts of the customer account in a specific store for a project.{storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

view_orders:{projectKey}
Grants access to view all orders for a store in a project.

view_orders:{projectKey}:{storeKey}
Grants access to all orders and carts for a specific store in a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_shopping_lists:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing shopping lists in a project. Implies the view_shopping_lists scope.

manage_my_shopping_lists:{projectKey}
When used as a scope in the password flow, grants access to APIs for creating, modifying and viewing shopping lists of the customer to whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access to the shopping lists of an anonymousId.

view_shopping_lists:{projectKey}
Grants access to all the APIs related to viewing shopping lists in a project.

manage_customers:{projectKey}
Grants access to all the APIs related to creating, modifying and customers and in a project. Implies the view_customers scope.

view_customers:{projectKey}
Grants access to all the APIs related to viewing customers in a project.

manage_my_profile:{projectKey}
When used as a scope in the password flow, grants access to the APIs for creating, modifying and viewing the profile of a specific customer for whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access to sign up and sign in.

manage_types:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing types in a project. Implies the view_types scope.

view_types:{projectKey}
Grants access to all the APIs related to viewing types in a project.

manage_payments:{projectKey}
Grants access to all the APIs related creating, modifying and viewing payments in a project.

manage_my_payments:{projectKey}
When used as a scope in the password flow, grants access to the APIs for creating, modifying and viewing payments of the customer for whom the access token was issued. When used as a scope to generate an access token for an anonymous session, grants access for the payments of the anonymousId for which the access token was issued.

view_payments:{projectKey}
Grants access to all the APIs related to viewing payments in a project.

create_anonymous_token:{projectKey}
Grants access to access tokens for Anonymous Sessions.

manage_subscriptions:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing subscriptions in a project.

manage_extensions:{projectKey}
Grants access all the APIs related to creating, modifying and viewing API extensions in a project.

manage_project_settings:{projectKey}
Grants access to all the APIs related to modifying and viewing project settings in a project.

view_project_settings:{projectKey}
Grants access to all the APIs related to viewing project settings.

manage_states:{projectKey}
Grants access to all the APIs related to creating, modifying and viewing states in a project.

view_states:{projectKey}
Grants access to all the APIs related to viewing states in a project.

view_messages:{projectKey}
Grants access to all the APIs related to viewing messages in a project.

manage_api_clients:{projectKey} Grants access to the APIs for creating, deleting and viewing API clients.

view_api_clients:{projectKey} Grants access to the APIs for viewing API clients.

manage_stores:{projectKey} Grants access to all the APIs for creating, deleting and viewing Stores

view_store:{projectKey} Grants access to the APIs for viewing Stores

introspect_oauth_tokens:{projectKey} Grants access to introspect tokens issued to other clients.

customer_id:{id}
Grants access to the customer with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when using the password flow.

anonymous_id:{id}
Grants access to the anonymous session with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when requesting an access token for an anonymous session.