Users and Application API Tokens are authorized to perform certain actions for an Application based on the scopes assigned to them.
Multiple scopes can be assigned to an entity for a single application (e.g., a user can be assigned the application:update and the payments:update scopes).
Scope | Description |
---|---|
owner | Each application has exactly one owner. The user that creates the application is automatically assigned this scope, and will remain the owner until she decides to transfer ownership (only the current owner can transfer ownership). An application owner is authorized to perform all actions. Application API tokens cannot be given the owner scope. |
admin:full | The admin:full scope is able to perform all actions except transfer ownership of the application to a new user. |
admin:limited | The admin:limited scope is able to perform all actions available to admin:full except manage users and application API tokens. |
account:update | The account:update scope is able to update accounts within the application. This includes changing subscriptions and issuing refunds. A user with the account:update scope has the account:view scope by inference. |
account:view | The account:view scope is able to view account data within the application, but cannot, of itself, modify or alter that data in any way. |
payments:update | The payments:update scope is able to generate new onboard and update links. This scope can also trigger a refresh of the current status of the application from the payment processor. |
payments:dispute | The payments:dispute scope is able to supply evidence and respond to disputes. |
application:update | The application:update scope is able to update application details as well as update application entitlements. |
application:view | The application:view scope is able to load data about the application, but cannot, of itself, modify or alter that data in any way. Every user added to an application is given this scope; it cannot be removed from a user. |
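
The rules in the table can be read as a deny-by-default resolver, sketched here as an added example that is not the product's own code. Scope names come from the table; the action labels `ownership:transfer`, `users:manage` and `tokens:manage` and the function names are assumptions made for illustration.

```python
# Added example. Scope names come from the table; the three action labels
# below and all function names are hypothetical.
GRANULAR = {
    "account:update", "account:view", "payments:update",
    "payments:dispute", "application:update", "application:view",
}
MANAGE = {"users:manage", "tokens:manage"}   # assumed labels: manage users / API tokens
TRANSFER = {"ownership:transfer"}            # assumed label: transfer ownership
BUNDLES = {
    "owner": GRANULAR | MANAGE | TRANSFER,   # all actions
    "admin:full": GRANULAR | MANAGE,         # all except ownership transfer
    "admin:limited": GRANULAR,               # admin:full minus user/token management
}
IMPLIES = {"account:update": {"account:view"}}  # the only implication the table states


def effective_permissions(assigned, is_token=False):
    """Expand assigned scopes into the set of permitted actions."""
    assigned = set(assigned)
    unknown = assigned - GRANULAR - set(BUNDLES)
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    if is_token and "owner" in assigned:
        raise ValueError("application API tokens cannot be given the owner scope")
    # Every user holds application:view; the table does not say this for tokens.
    perms = set() if is_token else {"application:view"}
    for scope in assigned:
        perms |= BUNDLES.get(scope, {scope})
        perms |= IMPLIES.get(scope, set())
    return perms


def is_allowed(assigned, action, is_token=False):
    """Deny by default: allow only actions in the expanded set."""
    return action in effective_permissions(assigned, is_token)


if __name__ == "__main__":
    for scopes, action in [({"account:update"}, "account:view"),
                           ({"admin:full"}, "ownership:transfer"),
                           ({"admin:limited"}, "tokens:manage")]:
        print(sorted(scopes), action, is_allowed(scopes, action))
```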