Scopes

What are Scopes?

Scopes refer to the specific permissions or access levels that users can grant to your App when they authorize it to access their data or perform actions on their behalf. Each scope represents a particular set of privileges that your application can obtain - either reading or writing data for a specific resource, or both.

Why are Scopes important?

Scopes enhance user privacy and security by allowing a user to identify and approve the data an App can access and act on.

Which Scopes do I need?

We strongly recommend that your App only uses the necessary scopes it requires to function.

By requesting only the necessary scopes, you're able to minimize the exposure of user data and reduce the risk of unauthorized access or misuse. Users appreciate applications that follow the principle of least privilege, as it builds trust and provides a better user experience. On the flip-side, requesting excessive or unnecessary scopes could raise user concerns or deter them from granting access.

Using Scopes in your Webflow App

Registration

When creating an Data Client App, you'll be asked to register the scopes for your App.

Scope Registration

Scope Registration

Authorization

When users authorize your application, you must request the appropriate scopes based on the functionalities your application needs. To request scopes, you'll need to include the required scopes in the scopes parameter of your Authorization URL. Learn more about the Authorization Flow in this guide.

See the example below for how to properly construct your Authorization URL.

https://webflow.com/oauth/authorize?response_type=code&client_id=739dc78b0704716e8aadab301466757fa41afbca5f31aa91a79a35e8708a5866&scope=assets%3Aread%20assets%3Awrite%20authorized_user%3Aread%20cms%3Aread%20cms%3Awrite%20custom_code%3Aread%20custom_code%3Awrite%20forms%3Aread%20forms%3Awrite%20pages%3Aread%20pages%3Awrite%20sites%3Aread%20sites%3Awrite

The URL will result in an Authorization Request page outlining the scopes that your App will be able to access on behalf of an Authorized User.

Available Scopes

πŸ“˜

Scopes & Endpoints

Throughout our documentation, you'll be able to see which scopes are needed to access a specific endpoint.

ResourceScopesEndpoints
Assetsassets:read, assets:write→ API Docs
Authorized Userauthorized_user:read→ API Docs
Authorization infoNone required→ API Docs
CMScms:read, cms:write→ API Docs
Custom Codecustom_code:read, custom_code:write→ API Docs
Ecommerceecommerce:read, ecommerce:write→ API Docs
Formsforms:read, forms:write→ API Docs
Pagespages:read, pages:write→ API Docs
Sitessites:read, sites:write→ API Docs
User Systemsusers:read, users:write→ API Docs
WebhooksDepends on trigger_type→ API Docs