API Scopes

Many of the API scopes are segmented similarly to the admin console. There are some special ones that cover more specific functionality. An access token can only use the scopes that are requested by the application when the token is being created. To change the scope, a new token must be obtained.

The user account requesting the access token must have the appropriate role-based privledges in the admin console before they can obtain a token.

People

Permissions required: CustomersCustomerTypesUserAccountsStoreSettings

  • read_people - View customer, user, or profile data
  • people - View and change customer, user, or profile data; supercedes read_customer if specified together

Orders

Permissions required: OrdersOrderStatuses

  • read_order - View order data
  • order - View and change order data; supercedes read_order if specified together

Catalog

Permissions required: ProductsProductStatusesVariationGroupsProductAttributesCategoriesManufacturers

  • read_catalog - View catalog data
  • catalog - View and change catalog data; supercedes read_catalog if specified together

Content

Permissions required: BlogsBlogCategoriesBlogPostsContentManagementUrlRedirecting

  • read_content - View blog, page, and other content-related data
  • content - View and change blog, page, and other content-related data; supercedes read_content if specified together

Marketing

Permissions required: AdCodesAffiliatesEmailEditorMailingListDiscountMethodsGiftCertificates

  • read_marketing - View adcode, discount, and other marketing-related data
  • marketing - View and change adcode, discount, and other marketing-related data; supercedes read_marketing if specified together

Tools

  • email - Send email on behalf of the store (requires EmailEditor permissions)
  • custom_fields - Manage custom fields (requires CustomFields permissions)

Other

  • settings - View and change configuration data (requires ShippingWarehousesTaxRatesGlobalRegions,PaymentGateways, and UrlRedirecting permissions)
  • system - Perform system tasks such as uploading files to the site (requires FileBrowserSessions, and StoreSettingspermissions)
  • decrypt - Access to decrypt certain sensitive information, cannot be combined with no_expiry (user must be able to view credit card data)
  • no_expiry - Token does not expire and does not require a refresh token, cannot be combined with decrypt

 NOTE: We offer paid API support starting at $150, and increases based on the hours of support needed. This is Developer level support. If this support is needed, please enter a support request with the full scope of assistance required, so that we can provide an accurate quote for the work needed. 

Related articles

We're Here To Help

Standard Support Hours: Monday-Friday 8AM-5PM CST
Looking for Premium Support? Just ask!

Submit A Support Ticket
Submit Your Ticket Here
About Us Newsroom Resources Case Studies CareersHiring Contact us Sign In
Storefront
Storefront Platform Storefront Analytics Web Design & Development
Fulfillment
Order Management Fulfillment Analytics Pick, Pack & Ship Inventory Storage
Marketplaces
Multichannel Management Marketplace Analytics Feed Management Sales Channel Expansion Sales Channel Optimization
Advanced Analytics
Pixel Unified Analytics Data Science Solutions
Growth Marketing
Pixel Marketing Analytics Go to Market Digital & Offline Organic Search Messaging & Creative Performance Optimization
Customer Engagement
Customer Engagement Customer Support Telesales Strategy
Funding
Growth Capital Working Capital
2022 © Cart.com, Inc. All rights reserved.
Privacy Terms