Token scopes
Scopes control what an API token is allowed to do. When you create a token, you select one or more scopes, and the token can only perform actions covered by the scopes you granted. A token must have at least one scope.
Available scopes
| Scope | What it grants |
|---|---|
| read_user | Read the authenticated user’s profile. |
Choosing scopes
Grant each token only the scopes it actually needs. If an integration just needs to read profile information, give it read_user and nothing more — that way, if the token is ever exposed, the access it carries is as limited as possible.
You select scopes when generating a token, and you can rename a token afterward, but the scopes are set at creation time. To change what a token can do, revoke it and generate a new one with the scopes you want.
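The rules above (at least one scope, rename allowed, scopes fixed at creation, revoke and reissue to change them) can be modelled in a few lines. This is an added illustration, not code from this product: the names `create_token`, `is_allowed` and `replace_token` and the `get_profile` action are hypothetical.

```python
import secrets

# The only scope documented on this page.
KNOWN_SCOPES = frozenset({"read_user"})
# Hypothetical action -> required scope map, constructed for this example.
REQUIRED_SCOPE = {"get_profile": "read_user"}


class Token:
    def __init__(self, name, scopes):
        self.name = name                      # may be changed later (rename)
        self._scopes = frozenset(scopes)      # fixed at creation time
        self.secret = secrets.token_urlsafe(32)
        self.revoked = False

    @property
    def scopes(self):
        # Read-only: there is no setter, so assigning to .scopes raises.
        return self._scopes


def create_token(name, scopes):
    """Issue a token, rejecting empty or unknown scope sets."""
    scopes = frozenset(scopes)
    if not scopes:
        raise ValueError("a token must have at least one scope")
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return Token(name, scopes)


def is_allowed(token, action):
    """Deny by default: revoked tokens and unmapped actions get nothing."""
    needed = REQUIRED_SCOPE.get(action)
    return (not token.revoked) and needed is not None and needed in token.scopes


def replace_token(old, scopes):
    """Change scopes by issuing a new token and revoking the old one."""
    new = create_token(old.name, scopes)  # validate first, so a bad request
    old.revoked = True                    # does not revoke the working token
    return new
```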
Related
- Create an API token
- Rate limits
- API reference — for which endpoints each scope unlocks.