Scopes

All OAuth 2.0 clients and access tokens have a scope. The scope constrains the endpoints to which a client has access, and whether a client has read or write access to an endpoint. Scopes are defined in the Merchant Center or with the API Clients endpoint for a single project when creating an API Client. Once you create an API Client, you cannot redefine the scopes.

When creating a client or requesting an access token, specify only the scopes your application needs. When requesting an OAuth 2.0 access token, the scope parameter may be omitted. If you do not provide a scope, the access token is granted all the scopes defined for the API client.

manage_project:{projectKey}

Grants permission to use all APIs for the specified Project, with the exception of the API Clients endpoints. For production use, do not use manage_project. Instead, create an API Client and specify only those scopes your application really needs. An API Client using the manage_project scope cannot request a token with fewer scopes.

manage_products:{projectKey}

Grants permission to view, create, modify, and delete Products in a project. Implies the view_products scope.

view_products:{projectKey}

Grants permission to view Products in a project.

view_published_products:{projectKey}

Grants permission to view published Product Projections in a project. When using the GraphQL API, grants permission to query for masterData.current on the products interface, as well as to query for published productProjectionSearch results.

manage_categories:{projectKey}

Grants permission to view, create, modify, and delete Categories in a project. Implies the view_categories scope.

view_categories:{projectKey}

Grants permission to view Categories in a project.

manage_orders:{projectKey}

Grants permission to view, create, modify, and delete Orders, Carts, and Shipping Methods in a project. Implies the view_orders scope.

manage_orders:{projectKey}:{storeKey}

Grants permission to view, create, modify, and delete Orders and Carts for a store in a project. {storeKey} is the key field of a store. Implies the view_orders:{projectKey}:{storeKey} scope. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_my_orders:{projectKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete Orders and Carts of the customer account in a project.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

manage_my_orders:{projectKey}:{storeKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete Orders and Carts of the customer account in a specific store for a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

When used as a scope to generate an access token for an anonymous session, grants access to the orders of an anonymousId.

view_orders:{projectKey}

Grants permission to view Orders for a store in a project.

view_orders:{projectKey}:{storeKey}

Grants permission to view Orders and Carts for a specific store in a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_shopping_lists:{projectKey}

Grants permission to view, create, modify, and delete Shopping Lists in a project.

manage_shopping_lists:{projectKey}:{storeKey}

Grants permission to view, create, modify, and delete Shopping Lists for a specific store in a project. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

manage_my_shopping_lists:{projectKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete Shopping Lists of the customer to whom the access token was issued.

When used as a scope to generate an access token for an anonymous session, grants access to the Shopping Lists of an anonymousId.

manage_my_shopping_lists:{projectKey}:{storeKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete Shopping Lists of the customer account in a specific store. {storeKey} is the key field of a store. For more information, see Store Helpers in the HTTP API and GraphQL API.

When used as a scope to generate an access token for an anonymous session, grants access to the Shopping Lists of an anonymousId.

view_shopping_lists:{projectKey}

Grants permission to view Shopping Lists in a project.

view_shopping_lists:{projectKey}:{storeKey}

Grants permission to view Shopping Lists in a specific store for a project. {storeKey} is the key field of a store.

manage_customers:{projectKey}

Grants permission to view, create, modify, and delete Customers in a project. Implies the view_customers scope.

manage_customers:{projectKey}:{storeKey}

Grants permission to view, create, modify, and delete Customers in a specific store for a project. {storeKey} is the key field of a store.

view_customers:{projectKey}

Grants permission to view Customers in a project.

view_customers:{projectKey}:{storeKey}

Grants permission to view Customers in a specific store for a project. {storeKey} is the key field of a store.

manage_my_profile:{projectKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete the profile of a specific customer for whom the access token was issued.

When used as a scope to generate an access token for an anonymous session, grants access to sign up and sign in.

manage_my_profile:{projectKey}:{storeKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete the profile of a specific customer in a specific store for a project. {storeKey} is the key field of a store.

When used as a scope to generate an access token for an anonymous session, grants access to sign up in a store and sign in to a store.

manage_types:{projectKey}

Grants permission to view, create, modify, and delete Types in a project. Implies the view_types scope.

view_types:{projectKey}

Grants permission to view Types in a project.

manage_payments:{projectKey}

Grants permission to view, create, modify, and delete Payments in a project.

manage_my_payments:{projectKey}

When used as a scope in the password flow, grants permission to view, create, modify, and delete payments of the customer for whom the access token was issued.

When used as a scope to generate an access token for an anonymous session, grants access to the payments of the anonymousId for which the access token was issued.

view_payments:{projectKey}

Grants permission to view Payments in a project.

create_anonymous_token:{projectKey}

Grants access to access tokens for Anonymous Sessions.

manage_subscriptions:{projectKey}

Grants permission to view, create, modify, and delete Subscriptions in a project.

manage_extensions:{projectKey}

Grants permission to view, create, modify, and delete API Extensions in a project.

manage_key_value_documents:{projectKey}

Grants permission to view, create, modify, and delete Custom Objects in a project.

view_key_value_documents:{projectKey}

Grants permission to view Custom Objects in a project.

manage_project_settings:{projectKey}

Grants permission to view and modify Project settings in a project.

view_project_settings:{projectKey}

Grants permission to view Project settings.

manage_states:{projectKey}

Grants permission to view, create, modify, and delete States in a project.

view_states:{projectKey}

Grants permission to view States in a project.

view_messages:{projectKey}

Grants permission to view Messages in a project.

manage_api_clients:{projectKey}

Grants permission to view, create, and delete API Clients in a project.

view_api_clients:{projectKey}

Grants permission to view API Clients in a project.

manage_stores:{projectKey}

Grants permission to view, create, modify, and delete Stores in a project.

view_stores:{projectKey}

Grants permission to view Stores in a project.

manage_discount_codes:{projectKey}

Grants permission to view, create, modify, and delete Discount Codes in a project.

view_discount_codes:{projectKey}

Grants permission to view Discount Codes in a project.

manage_shipping_methods:{projectKey}

Grants permission to view, create, modify, and delete Shipping Methods in a project.

view_shipping_methods:{projectKey}

Grants permission to view Shipping Methods in a project.

manage_tax_categories:{projectKey}

Grants permission to view, create, modify, and delete Tax Categories in a project.

view_tax_categories:{projectKey}

Grants permission to view Tax Categories in a project.

manage_customer_groups:{projectKey}

Grants permission to view, create, modify, and delete Customer Groups in a project.

view_customer_groups:{projectKey}

Grants permission to view Customer Groups in a project.

manage_cart_discounts:{projectKey}

Grants permission to view, create, modify, and delete Cart Discounts in a project.

view_cart_discounts:{projectKey}

Grants permission to view Cart Discounts in a project.

introspect_oauth_tokens:{projectKey}

Grants access to introspect tokens issued to other clients.

customer_id:{id}

Grants access to the customer with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when using the password flow.

anonymous_id:{id}

Grants access to the anonymous session with the given id, in combination with other permissions like manage_my_orders. The commercetools authorization service issues this scope when requesting an access token for an anonymous session.

manage_product_selections:{projectKey} BETA

Grants permission to view, create, modify, and delete Product Selections in a project.

view_product_selections:{projectKey} BETA

Grants permission to view Product Selections in a project.
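
Applying the guidance at the top of this page (request only the scopes the application needs, and avoid manage_project in production), the following added example, which is not part of the commercetools documentation, audits the space-delimited scope string of an issued token against the scopes an application needs. The function names, the demo-shop project key, and the sample scope strings are assumptions constructed for illustration; only the "implies" relations stated on this page are expanded.

```python
import re

# (scope name, is store-scoped) pairs this page documents as implying the
# matching view_ scope; other manage_ scopes are deliberately not expanded.
IMPLIES_VIEW = {
    ("manage_products", False), ("manage_categories", False),
    ("manage_orders", False), ("manage_orders", True),
    ("manage_customers", False), ("manage_types", False),
}
SCOPE_RE = re.compile(r"^([a-z_]+):([^:\s]+)(?::([^:\s]+))?$")

def parse_scope(scope):
    """Split 'name:projectKey[:storeKey]' into (name, project, store)."""
    m = SCOPE_RE.match(scope)
    if not m:
        raise ValueError(f"malformed scope: {scope!r}")
    return m.groups()

def effective_scopes(granted):
    """Expand a space-delimited scope string with the documented implications."""
    out = set()
    for scope in granted.split():
        name, _, store = parse_scope(scope)
        out.add(scope)
        if (name, store is not None) in IMPLIES_VIEW:
            out.add(scope.replace("manage_", "view_", 1))
    return out

def audit(granted, needed):
    """Compare the scopes a token carries with the scopes the app needs."""
    issued = set(granted.split())
    have = effective_scopes(granted)
    broad = sorted(s for s in issued if parse_scope(s)[0] == "manage_project")
    broad_projects = {parse_scope(s)[1] for s in broad}
    missing = set()
    for scope in needed - have:
        name, project, _ = parse_scope(scope)
        # manage_project covers all APIs except the API Clients endpoints.
        if project not in broad_projects or name.endswith("_api_clients"):
            missing.add(scope)
    return {"missing": sorted(missing),
            "excess": sorted(issued - needed),
            "manage_project": broad}

# Constructed scope strings; "demo-shop" is a made-up project key.
NEEDED = {"view_products:demo-shop", "manage_my_orders:demo-shop"}
NARROW = "view_products:demo-shop manage_my_orders:demo-shop"
# Token requested without a scope parameter: carries every scope of the client.
OMITTED = NARROW + " manage_customers:demo-shop manage_payments:demo-shop"
```

A non-empty "excess" list means the token, and possibly the API Client itself, carries permissions the application never uses; a non-empty "manage_project" list marks a client that should be replaced before production use.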