What are Scopes?
Scopes refer to the specific permissions or access levels that users can grant to your App when they authorize it to access their data or perform actions on their behalf. Each scope represents a particular set of privileges that your application can obtain - either reading or writing data for a specific resource, or both.
Why are Scopes important?
Scopes enhance user privacy and security by allowing a user to identify and approve the data an App can access and act on.
Which Scopes do I need?
We strongly recommend that your App only uses the necessary scopes it requires to function.
By requesting only the necessary scopes, you're able to minimize the exposure of user data and reduce the risk of unauthorized access or misuse. Users appreciate applications that follow the principle of least privilege, as it builds trust and provides a better user experience. On the flip-side, requesting excessive or unnecessary scopes could raise user concerns or deter them from granting access.
Using Scopes in your Webflow App
Registration
When creating an Data Client App, you'll be asked to register the scopes for your App.
Scope Registration
Authorization
When users authorize your application, you must request the appropriate scopes based on the functionalities your application needs. To request scopes, you'll need to include the required scopes in the scopes parameter of your Authorization URL. Learn more about the Authorization Flow in this guide.
See the example below for how to properly construct your Authorization URL.
https://webflow.com/oauth/authorize?response_type=code&client_id=739dc78b0704716e8aadab301466757fa41afbca5f31aa91a79a35e8708a5866&scope=assets%3Aread%20assets%3Awrite%20authorized_user%3Aread%20cms%3Aread%20cms%3Awrite%20custom_code%3Aread%20custom_code%3Awrite%20forms%3Aread%20forms%3Awrite%20pages%3Aread%20pages%3Awrite%20sites%3Aread%20sites%3Awrite
The URL will result in an Authorization Request page outlining the scopes that your App will be able to access on behalf of an Authorized User.
Available Scopes
Scopes & Endpoints
Throughout our documentation, you'll be able to see which scopes are needed to access a specific endpoint.
| Resource | Scopes | Endpoints |
|---|---|---|
| Assets | assets:read, assets:write | → API Docs |
| Authorized User | authorized_user:read | → API Docs |
| Authorization info | None required | → API Docs |
| CMS | cms:read, cms:write | → API Docs |
| Custom Code | custom_code:read, custom_code:write | → API Docs |
| Ecommerce | ecommerce:read, ecommerce:write | → API Docs |
| Forms | forms:read, forms:write | → API Docs |
| Pages | pages:read, pages:write | → API Docs |
| Sites | sites:read, sites:write | → API Docs |
| User Systems | users:read, users:write | → API Docs |
| Webhooks | Depends on trigger_type | → API Docs |