Scopes

What are Scopes?

Scopes refer to the specific permissions or access levels that users can grant to your App when they authorize it to access their data or perform actions on their behalf. Each scope represents a particular set of privileges that your application can obtain - either reading or writing data for a specific resource, or both.


Why are Scopes important?

Scopes enhance user privacy and security by allowing a user to identify and approve the data an App can access and act on.


Which Scopes do I need?

We strongly recommend that your App only uses the necessary scopes it requires to function.

By requesting only the necessary scopes, you're able to minimize the exposure of user data and reduce the risk of unauthorized access or misuse. Users appreciate applications that follow the principle of least privilege, as it builds trust and provides a better user experience. On the flip-side, requesting excessive or unnecessary scopes could raise user concerns or deter them from granting access.


Using Scopes in your Webflow App


Registration

When creating an Data Client App, you'll be asked to register the scopes for your App.

Scope Registration

Scope Registration

Authorization

When users authorize your application, you must request the appropriate scopes based on the functionalities your application needs. To request scopes, you'll need to include the required scopes in the scopes parameter of your Authorization URL. Learn more about the Authorization Flow in this guide.

See the example below for how to properly construct your Authorization URL.

https://webflow.com/oauth/authorize?response_type=code&client_id=739dc78b0704716e8aadab301466757fa41afbca5f31aa91a79a35e8708a5866&scope=assets%3Aread%20assets%3Awrite%20authorized_user%3Aread%20cms%3Aread%20cms%3Awrite%20custom_code%3Aread%20custom_code%3Awrite%20forms%3Aread%20forms%3Awrite%20pages%3Aread%20pages%3Awrite%20sites%3Aread%20sites%3Awrite

The URL will result in an Authorization Request page outlining the scopes that your App will be able to access on behalf of an Authorized User.


Available Scopes

📘

Scopes & Endpoints

Throughout our documentation, you'll be able to see which scopes are needed to access a specific endpoint.

ResourceScopesEndpoints
Assetsassets:read, assets:writeAPI Docs
Authorized Userauthorized_user:readAPI Docs
Authorization infoNone requiredAPI Docs
CMScms:read, cms:writeAPI Docs
Custom Codecustom_code:read, custom_code:writeAPI Docs
Ecommerceecommerce:read, ecommerce:writeAPI Docs
Formsforms:read, forms:writeAPI Docs
Pagespages:read, pages:writeAPI Docs
Sitessites:read, sites:writeAPI Docs
Site Activitysite_activity:readAPI Docs
Usersusers:read, users:writeAPI Docs
WebhooksDepends on trigger_typeAPI Docs