API Authorisation
Access Token Scoping
We provide flexible control over API access by allowing you to issue access tokens scoped to your specific operational needs, so that the system grants access on the principle of least privilege. You can request tokens that are:
- Scoped to a specific action: For example, you can issue a token that has permission only to caas:transactions:read across all your users.
- Scoped to a specific user (customer): You could create a token that grants full API access but only for a single user.
- Scoped to both a user and a single action: This is the most restrictive scope. For instance, you could request a token that is only permitted to get spending analysis for a single, specified user.
This model allows you to create broad-access tokens for backend processes or highly restricted tokens for user-facing applications, depending on the use case.
Scopes
The following are the available scopes (actions) that an access token can support.
CaaS Scopes
caas:transactions:write
- Allows the transactions endpoint to return the posted transactions in its response, even when the token does not hold the caas:transactions:read scope.
caas:transactions:read
- Read access to standard transactions and related enrichment (geotags, counterparties).
caas:transactions:delete
- Destructive scope for removing transactions and other related data.
caas:transaction_splits:write
- Allows the transactions endpoint to return the posted transaction splits in its response, even when the token does not hold the caas:transaction_splits:read scope.
caas:transaction_splits:read
- Read access to standard transaction splits.
caas:transaction_splits:delete
- Destructive scope for removing transaction splits.
caas:enhanced_transactions:read
- Read access to enhanced transactions and related enrichment (geotags, counterparties).
caas:regular_transactions:read
- Read access to regular transaction series.
caas:categories:read
- Read access to a customer's categories.
caas:categories:write
- Write access to a customer's custom categories.
caas:categories:delete
- Destructive scope for categories.
caas:users:delete
- Destructive scope for deleting all transaction enrichment data for transactions with the same userId and/or accountId.
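The following is an added illustration, not code from this API or its documentation, of how the token-scoping model described above (action-scoped, user-scoped, and combined tokens) and the scope list can be enforced with a deny-by-default check. The token and request structures, the `validate_token`, `is_authorised` and `least_privilege_token` names, and the way the write-scope rule is modelled (a write scope only covers reading the resources back from the POST response, not general read access) are assumptions made for this example; the scope names are the ones listed on this page.

```python
"""Added example: a deny-by-default authorisation check for scoped access tokens.

Token and request shapes here are assumptions for illustration, not this
API's actual token format.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Scope vocabulary taken from the scope list on this page.
KNOWN_SCOPES = frozenset({
    "caas:transactions:write", "caas:transactions:read", "caas:transactions:delete",
    "caas:transaction_splits:write", "caas:transaction_splits:read",
    "caas:transaction_splits:delete",
    "caas:enhanced_transactions:read", "caas:regular_transactions:read",
    "caas:categories:read", "caas:categories:write", "caas:categories:delete",
    "caas:users:delete",
})

# A write scope lets the POST response return the created resources even when
# the matching read scope is absent. Modelled here (assumption) as an implied
# read that applies only to the POST response, never as a general read grant.
WRITE_IMPLIES_READ_ON_POST = {
    "caas:transactions:write": "caas:transactions:read",
    "caas:transaction_splits:write": "caas:transaction_splits:read",
}


@dataclass(frozen=True)
class AccessToken:
    scopes: FrozenSet[str]            # actions the token is allowed to perform
    user_id: Optional[str] = None     # None = all users; otherwise bound to one user


@dataclass(frozen=True)
class Request:
    scope: str                        # scope the called endpoint requires
    user_id: str                      # the user (customer) whose data is accessed
    via_post_response: bool = False   # reading resources back from a POST response


def validate_token(token: AccessToken) -> bool:
    """Reject tokens carrying scopes outside the documented vocabulary."""
    unknown = token.scopes - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return True


def is_authorised(token: AccessToken, request: Request) -> bool:
    """Deny by default: the user binding and the scope must both match."""
    validate_token(token)
    # A user-scoped token only works for that single user.
    if token.user_id is not None and token.user_id != request.user_id:
        return False
    # Direct scope grant.
    if request.scope in token.scopes:
        return True
    # Write scope covers reading the POST response only.
    if request.via_post_response:
        for write_scope, read_scope in WRITE_IMPLIES_READ_ON_POST.items():
            if write_scope in token.scopes and read_scope == request.scope:
                return True
    return False


def least_privilege_token(scope: str, user_id: Optional[str] = None) -> AccessToken:
    """Mint the narrowest token: one action, optionally bound to one user."""
    return AccessToken(scopes=frozenset({scope}), user_id=user_id)


if __name__ == "__main__":
    # Constructed sample: a user-facing app should get the combined scope.
    app_token = least_privilege_token("caas:transactions:read", user_id="user-1")
    print(is_authorised(app_token, Request("caas:transactions:read", "user-1")))  # True
    print(is_authorised(app_token, Request("caas:transactions:read", "user-2")))  # False
```

The check rejects anything it cannot positively match, so a backend token scoped only to an action still cannot delete, and a user-bound token cannot be replayed against another user's data; the write-implies-read case is deliberately limited to the POST response so that it does not quietly widen into a read grant.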