For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Resources
Get started
ReferenceGuidesExamplesChangelog
ReferenceGuidesExamplesChangelog
  • Data API
    • Introduction
      • Quick Start
      • Structure
      • Authentication
        • OAuth
        • Site Token
        • Workspace Token
        • Scopes
      • Rate Limits
      • Error Handling
      • Versioning
      • SDKs
  • Token
    • GETGet Authorization User Info
    • GETGet Authorization Info
  • Sites
    • GETList Sites
    • GETGet Site
    • GETGet Custom Domains
    • POSTPublish Site
  • Pages and Components
  • CMS
  • Forms
  • Custom Code
  • Assets
  • Comments
    • GETList Comment Threads
    • GETGet Comment Thread
    • GETList Comment Replies
  • Ecommerce
  • Webhooks
    • GETList Webhooks
    • GETGet Webhook
    • POSTCreate Webhook
    • DELRemove Webhook
  • Site Configuration
  • Enterprise
LogoLogo
Resources
Get started
On this page
  • Available scopes
  • Understanding scopes
  • Adding scopes
Data APIIntroductionAuthentication

Scopes

Was this page helpful?
Previous

Rate Limits

Next
Built with

Available scopes

Available scopes are determined by the type of token you’re creating. For Data Client apps and site tokens, refer to the site-level scopes. For workspace tokens, refer to the workspace-level scopes.

Site-level
Workspace-level
ResourceScopesEndpoints
Assetsassets:read, assets:write→ API Docs
Authorized Userauthorized_user:read→ API Docs
Authorization infoNone required→ API Docs
CMScms:read, cms:write→ API Docs
Commentscomments:read, comments:write→ API Docs
Componentscomponents:read, components:write→ API Docs
Custom Codecustom_code:read, custom_code:write→ API Docs
Ecommerceecommerce:read, ecommerce:write→ API Docs
Formsforms:read, forms:write→ API Docs
Pagespages:read, pages:write→ API Docs
Sitessites:read, sites:write→ API Docs
Site Activitysite_activity:read→ API Docs
Site Configurationsite_config:read, site_config:write→ API Docs
Usersusers:read, users:write→ API Docs
WebhooksDepends on trigger_type→ API Docs
Workspaceworkspace:read, workspace:write→ API Docs
The custom_code:read and custom_code:write scopes are available only to Data Client apps. Site tokens cannot access custom code endpoints.
Quick tip: Finding required scopes

Each API endpoint lists its required scopes in the description. When planning your integration, check the endpoints you’ll use to determine which scopes to request.

Understanding scopes

Scopes are permissions that control what data your app can access. Think of them like permissions on your phone - an app might request access to your camera, photos, or contacts. In Webflow’s API:

  • Each scope gives access to specific resources
  • Scopes usually come in pairs: :read for viewing data, :write for modifying data
  • Users will see and approve these permissions when connecting to your app
Best practice

Only request scopes your app actually needs. Requesting unnecessary scopes can make users hesitant to approve your app.

Adding scopes

When creating a Data Client App or an API token, you’ll first register your required scopes:

Data Client App
API Token

During app registration, select the scopes that match your app’s required functionality. These scopes define what data your app can access.

Scope Registration
Scope Registration
Using scopes in OAuth

After registration, you’ll use these same scopes in your Authorization URL during the OAuth flow. This shows users an authorization page where they can review and approve your requested permissions.

See our authorization guide for step-by-step OAuth implementation.