Scopes
Permission scopes that gate API operations.
Apps declare a superset of scopes; each authorization grants a subset. The
access token may only call endpoints covered by its granted scopes — calls
missing a scope return 403 insufficient_scope.
| Scope | Grants |
|---|---|
conversations:read |
Read conversations |
conversations:write |
Create, update, and assign conversations |
messages:read |
Read messages |
messages:write |
Send, edit, and delete messages |
notes:read |
Read internal notes |
notes:write |
Add internal notes |
contacts:read |
Read contacts and attributes |
contacts:write |
Create and update contacts |
segments:read |
Read segments |
segments:write |
Create, update, and delete segments |
tasks:read |
Read tasks |
tasks:write |
Create, update, and delete tasks |
users:read |
Read team members |
users:write |
Invite, update, and remove team members |
organization:read |
Read organization details and settings |
organization:write |
Update organization details and settings |
Warning — For
actor=selftokens, scopes are additionally capped by the user's role. Non-admin members do not get:writescopes that require admin rights, even if the app requested them.
Request the minimum scopes you need — admins are far more likely to approve a focused permission set.