Manage authorization scopes
Introduction
Authorization scopes refer to the specific access levels that an application or user can request when interacting with an API. Scopes help define the boundaries of what actions or data the application is allowed to access. In Banqup, scopes have been implemented as part of the OAuth 2.0 authentication protocol.
When you integrate an API into your application, you specify the scopes you need based on the functionality you want to implement. Banqup then defines what actions or data each scope grants access to, and users can grant or deny these scopes when they authorize the application to access their data. This ensures security and privacy by only granting access to the specific resources required for the application to function.
Scope types
In Banqup, there are three main types of permissions:
- read: Grants permission to the application or user to view or read specific resources without the ability to modify or write data.
- write: Grants permission to the application or user to create, modify, or delete data within the API.
- admin: Grants extensive control and management capabilities within the API. It encompasses privileges related to the administration and configuration of the system or application.
Scopes overview
Every Banqup scope is assigned:
- a name (e.g. entity_read)
- an identifier (e.g. 3f95524e-70aa-4663-8548-763583e08909)
Using the scope ID, you can grant users or applications a specific permission to a resource via the REST API.
Scope name | Access details |
---|---|
[no scope] | Grants read-only access to public information (e.g. API authorization). |
entity_read | Grants access to view entity-related data, such as: entities you have access to, entity details, entity permissions, entity's payment accounts, entity tax information etc. |
entity_write | Grants access to manipulate entity-related data, such as: entities you have access to, entity details, entity permissions, entity's payment accounts, entity tax information etc. |
space_read | Grants access to view space-related data, such as: spaces you have access to, space details, space permissions, space's payment accounts, etc. |
space_write | Grants access to manipulate space-related data, such as: spaces you have access to, space details, space permissions, space's payment accounts, etc. |
store_read | Grants access to view data related to applications from the Banqup Store. |
store_write | Grants access to manipulate data related to applications from the Banqup Store. |
store_admin | Grants access to administrate data related to applications from the Banqup Store. |
user_read | Grants access to view user-related data, such as: name, email, status etc. |
user_write | Grants access to manipulate user-related data, such as: name, email, status etc. |
account_read | Grants access to view data related to payment accounts. |
account_write | Grants access to manipulate data related to payment accounts. |
extension_read | Grants access to view data related to extensions. |
extension_write | Grants access to manipulate extension-related data, e.g. granting permission to an extension. |
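
The following is an added example, not Banqup code: a pre-release check that compares the scopes an integration plans to request with what its features need, and lists the features to disable when a user denies a scope. The scope names come from the table above; the `FEATURES` mapping, the function names and the space-delimited scope string (the standard OAuth 2.0 format from RFC 6749, section 3.3) are assumptions.

```python
# Scope names come from the table above; FEATURES is a made-up application.
KNOWN_SCOPES = frozenset({
    "entity_read", "entity_write", "space_read", "space_write",
    "store_read", "store_write", "store_admin", "user_read", "user_write",
    "account_read", "account_write", "extension_read", "extension_write",
})

# Hypothetical feature -> scopes it needs (constructed sample data).
FEATURES = {
    "show_entity_profile": {"entity_read"},
    "list_payment_accounts": {"account_read"},
    "edit_user_email": {"user_read", "user_write"},
}


def parse_scopes(scope_string):
    """Parse a space-delimited OAuth 2.0 scope value; reject unknown names."""
    scopes = set(scope_string.split())
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return scopes


def audit_request(scope_string, features=FEATURES):
    """Return (missing, excess, elevated) for a planned authorization request."""
    requested = parse_scopes(scope_string)
    needed = set().union(*features.values())
    # Every scope is treated as independent: the page does not say that
    # write or admin implies read, so none of that is assumed here.
    elevated = {s for s in requested if s.rsplit("_", 1)[1] in ("write", "admin")}
    return sorted(needed - requested), sorted(requested - needed), sorted(elevated)


def unavailable_features(granted_string, features=FEATURES):
    """Features to disable because the user denied a scope they need."""
    granted = parse_scopes(granted_string)
    return sorted(name for name, need in features.items() if not need <= granted)


if __name__ == "__main__":
    planned = "entity_read account_read user_read user_write store_admin"
    print(audit_request(planned))
    print(unavailable_features("entity_read account_read user_read"))
```

Any scope reported as excess, especially a `_write` or `_admin` one, is a candidate for removal from the authorization request before release.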