Scopes for OAuth Apps
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
When setting up an OAuth App on TextMaster, requested scopes are displayed to the user on the authorization form.
Available Scopes
public
Grants read-only access to public information (such as, but not limited to, available languages, options, pricing, expertises). This is the default scope if none is provided.
user:manage
Grants full access to user's profile info only (includes user:email).
user:read
Grants read-only access to user's profile info.
user:write
Grants read/write access to user's profile info.
user:email
Grants read-only access to user's private email address.
glossary:manage
Grants full access to glossaries (including those shared from the organization).
glossary:read
Grants read-only access to glossaries (including those shared from the organization).
glossary:write
Grants read/write access to glossaries (including those shared from the organization).
project:manage
Grants full access to projects, documents and templates (includes project:launch and project:quote).
project:read
Grants read-only access to projects, documents and templates.
project:write
Grants read/write access to projects, documents and templates.
project:launch
Grants access to launch projects and debit the client's account.
project:quote
Grants access to request project quotations.
discussion:manage
Grants full access to team discussions.
discussion:read
Grants read-only access to team discussions.
discussion:write
Grants read/write access to team discussions.
transaction:read
Grants read-only access to financial transactions.
preferred_author:manage
Grants full access to client's preferred authors.
preferred_author:read
Grants read-only access to client's preferred authors.
preferred_author:write
Grants read/write access to client's preferred authors.
resource:manage scopes grant full access to the resource. Use such a scope as a shortcut for requesting all permissions on a given resource instead of listing them individually. However, we advise that OAuth apps only request the permissions they absolutely need to operate under normal conditions.
Tip: Your OAuth App can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space, encoded as %20.
Requested scopes and granted scopes
The scope attribute lists scopes attached to the token that were granted by the user. Normally, these scopes will be identical to what you requested. However, users can edit their scopes, effectively granting your application less access than you originally requested. Also, users can edit token scopes after the OAuth flow is completed. You should be aware of this possibility and adjust your application's behavior accordingly.
It is important to handle error cases when a user chooses to grant you less access than you originally requested. For example, applications can warn or otherwise communicate with their users that they will see reduced functionality or be unable to perform some actions.
Also, applications can always send users back through the flow again to request additional permissions, but don’t forget that users can always deny those.
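The check described in this section, as an added example that is not TextMaster's own code: it builds the scope parameter, expands the granted scope attribute using the inclusion rules stated in the scope list above, and reports which requested scopes and application features are no longer covered. It assumes the scope attribute is a space-separated string and that a write scope also covers read; the feature names are hypothetical.

```python
# Added example. Inclusion rules come from the scope descriptions on this page;
# the space-separated "scope" format and the feature names are assumptions.
EXTRA_UNDER_MANAGE = {
    "user": {"user:email"},
    "project": {"project:launch", "project:quote"},
}
# Hypothetical application features and the scopes each one needs.
FEATURES = {
    "list_projects": {"project:read"},
    "launch_project": {"project:read", "project:launch"},
    "show_invoices": {"transaction:read"},
}


def scope_param(scopes):
    """Value of the scope query parameter: scopes separated by %20."""
    return "%20".join(scopes)


def effective_scopes(scope_attr):
    """Expand the token's scope attribute into every scope it covers."""
    granted = set(scope_attr.split()) or {"public"}  # public is the default
    covered = set(granted)
    for scope in granted:
        resource, _, level = scope.partition(":")
        if level == "manage":  # full access to the resource
            covered |= {f"{resource}:read", f"{resource}:write"}
            covered |= EXTRA_UNDER_MANAGE.get(resource, set())
        elif level == "write":  # described as read/write access
            covered.add(f"{resource}:read")
    return covered


def missing_scopes(requested, scope_attr):
    """Requested scopes the user did not grant, or removed later."""
    return sorted(set(requested) - effective_scopes(scope_attr))


def feature_status(scope_attr):
    """Map each feature to True, or to the sorted list of scopes it lacks."""
    covered = effective_scopes(scope_attr)
    return {name: True if needed <= covered else sorted(needed - covered)
            for name, needed in FEATURES.items()}


if __name__ == "__main__":
    requested = ["project:read", "project:launch", "transaction:read"]
    print("scope =", scope_param(requested))
    # Constructed token data: the user removed project:launch on the form.
    granted_attr = "project:read transaction:read"
    print("missing:", missing_scopes(requested, granted_attr))
    print(feature_status(granted_attr))
```

Because users can edit token scopes after the flow completes, run the check against the current scope attribute each time the token is used, not only once at authorization.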