During the authorization flow, you'll need to include a list of requested scopes (permissions). When users authenticate they will be asked to grant permission to your application's requested scopes.


As a general rule, you should only ask for scopes which your application needs.

All authenticated endpoints require a specific scope to access them, some endpoints might also have additional scopes for additional information. Each endpoint lists the scopes that are required in order to access the endpoint. Please see the API Reference for more information.

read:policiesAllows you to retrieve users' policy information
read:documentsAllows you to retrieve users' policy documents. In order to use this scope, you must also request read:policies

OpenID Connect (OIDC)

We also support a subset of the OpenID Connect (OIDC) scopes, which allows applications to obtain basic profile information about the user.

To use any of the OIDC scopes, you must also request the openid scope the in /authorize request

profileAllows you to access users' profile