Many of the API scopes are segmented similarly to the admin console. There are some special ones that cover more specific functionality. An access token can only use the scopes that are requested by the application when the token is being created. To change the scope, a new token must be obtained.
The user account requesting the access token must have the appropriate role-based privileges in the admin console before it can obtain a token.
People
Permissions required: Customers, CustomerTypes, UserAccounts, StoreSettings
read_people - View customer, user, or profile data
people - View and change customer, user, or profile data; supersedes read_customer if specified together
Orders
Permissions required: Orders, OrderStatuses
read_order - View order data
order - View and change order data; supersedes read_order if specified together
Catalog
Permissions required: Products, ProductStatuses, VariationGroups, ProductAttributes, Categories, Manufacturers
read_catalog - View catalog data
catalog - View and change catalog data; supersedes read_catalog if specified together
Content
Permissions required: Blogs, BlogCategories, BlogPosts, ContentManagement, UrlRedirecting
read_content - View blog, page, and other content-related data
content - View and change blog, page, and other content-related data; supersedes read_content if specified together
Marketing
Permissions required: AdCodes, Affiliates, EmailEditor, MailingList, DiscountMethods, GiftCertificates
read_marketing - View adcode, discount, and other marketing-related data
marketing - View and change adcode, discount, and other marketing-related data; supersedes read_marketing if specified together
Tools
email - Send email on behalf of the store (requires EmailEditor permissions)
custom_fields - Manage custom fields (requires CustomFields permissions)
Other
settings - View and change configuration data (requires Shipping, Warehouses, TaxRates, GlobalRegions, PaymentGateways, and UrlRedirecting permissions)
system - Perform system tasks such as uploading files to the site (requires FileBrowser, Sessions, and StoreSettings permissions)
decrypt - Access to decrypt certain sensitive information, cannot be combined with no_expiry (user must be able to view credit card data)
no_expiry - Token does not expire and does not require a refresh token, cannot be combined with decrypt
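
A pre-flight check built from the rules on this page, as an added example (not the vendor's code): it drops a read_ scope when its write scope is also requested, rejects decrypt together with no_expiry, and lists the admin-console permissions the user still lacks. The function and table names are hypothetical, and it assumes the page's read_customer refers to read_people.

```python
# Added example: validate a requested scope list against the rules on this page.
# check_scopes, REQUIRED and READ_WRITE are hypothetical names, not part of the API.

# Admin-console permissions each scope family needs (copied from the page).
REQUIRED = {
    "people": {"Customers", "CustomerTypes", "UserAccounts", "StoreSettings"},
    "order": {"Orders", "OrderStatuses"},
    "catalog": {"Products", "ProductStatuses", "VariationGroups",
                "ProductAttributes", "Categories", "Manufacturers"},
    "content": {"Blogs", "BlogCategories", "BlogPosts", "ContentManagement",
                "UrlRedirecting"},
    "marketing": {"AdCodes", "Affiliates", "EmailEditor", "MailingList",
                  "DiscountMethods", "GiftCertificates"},
    "email": {"EmailEditor"},
    "custom_fields": {"CustomFields"},
    "settings": {"Shipping", "Warehouses", "TaxRates", "GlobalRegions",
                 "PaymentGateways", "UrlRedirecting"},
    "system": {"FileBrowser", "Sessions", "StoreSettings"},
    "decrypt": set(),    # page names no permission: "must be able to view credit card data"
    "no_expiry": set(),
}
READ_WRITE = ("people", "order", "catalog", "content", "marketing")


def check_scopes(requested, user_permissions):
    """Return (effective_scopes, missing_permissions); raise on invalid input."""
    requested = set(requested)
    known = set(REQUIRED) | {"read_" + s for s in READ_WRITE}
    unknown = requested - known
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    if {"decrypt", "no_expiry"} <= requested:
        raise ValueError("decrypt cannot be combined with no_expiry")
    # A write scope supersedes its read_ counterpart when both are requested.
    effective = {s for s in requested
                 if not (s.startswith("read_") and s[5:] in requested)}
    needed = set()
    for scope in effective:
        family = scope[5:] if scope.startswith("read_") else scope
        needed |= REQUIRED[family]
    return sorted(effective), sorted(needed - set(user_permissions))
```

Requesting only the read_ scope where an integration never writes keeps the token's reach to what the application actually uses.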
NOTE: We offer paid API support starting at $150, with the price increasing based on the hours of support needed. This is Developer level support. If you need this support, please enter a support request with the full scope of assistance required so that we can provide an accurate quote for the work.