API Authorisation
Access Token Scoping
We provide flexible control over API access by allowing you to issue access tokens scoped to your specific operational needs. This ensures that access is granted according to the principle of least privilege. Access tokens are obtained using the client_credentials grant type and are limited to specific actions (scopes) that define which operations the token can perform.
For example, you can issue a token that has permission only to caas:transactions:read, or you can request multiple scopes in a single token request (e.g., caas:transactions:read caas:transactions:write). This model allows you to create tokens with the minimum permissions required for your specific use case.
See our client credentials documentation for details on how to obtain access tokens.
Scopes
The following are the available scopes (actions) that an access token can support.
CaaS Scopes
caas:transactions:write - This scope will allow the return of transactions when posting to the transactions endpoint, despite no caas:transactions:read scope.
caas:transactions:read - Read access to standard transactions and related enrichment (geotags, counterparties).
caas:transactions:delete - Destructive scope for removing transactions and other related data.
caas:transaction_splits:write - This scope will allow the return of transaction splits when posting to the transactions endpoint, despite no caas:transaction_splits:read scope.
caas:transaction_splits:read - Read access to standard transaction splits.
caas:transaction_splits:delete - Destructive scope for removing transaction splits.
caas:enhanced_transactions:read - Read access to enhanced transactions and related enrichment (geotags, counterparties).
caas:regular_transactions:read - Read access to regular transactions series.
caas:categories:read - Read access to a customer’s categories.
caas:categories:write - Write access to a customer’s custom categories.
caas:categories:delete - Destructive scope for categories.
caas:users:delete - Destructive scope for deleting all transaction enrichment data for transactions with the same userId and/or accountId.
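The following Python sketch is an added example, not code from this API's documentation: it builds a client_credentials request body restricted to the scopes a job needs and then audits what the token was actually granted. It assumes the token response carries the standard OAuth 2.0 space-delimited "scope" field; the function names and the sample response are constructed for illustration, and client authentication and the token endpoint URL are left to the client credentials documentation.

```python
from urllib.parse import urlencode

# Scope names copied from the list on this page.
KNOWN_SCOPES = {
    "caas:transactions:write", "caas:transactions:read", "caas:transactions:delete",
    "caas:transaction_splits:write", "caas:transaction_splits:read",
    "caas:transaction_splits:delete", "caas:enhanced_transactions:read",
    "caas:regular_transactions:read", "caas:categories:read",
    "caas:categories:write", "caas:categories:delete", "caas:users:delete",
}
# Per the list, these write scopes also return data from a POST without the read scope.
WRITE_RETURNS_DATA = {"caas:transactions:write", "caas:transaction_splits:write"}


def build_token_request(scopes):
    """Form-encoded body for a client_credentials request limited to `scopes`."""
    wanted = set(scopes)
    if not wanted:
        raise ValueError("request at least one scope")
    unknown = wanted - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(sorted(wanted))})


def audit_granted(requested, token_response):
    """Compare granted scopes with the request and flag the sensitive ones."""
    # Assumption: the response carries a space-delimited "scope" field (RFC 6749).
    granted = set(token_response.get("scope", "").split())
    wanted = set(requested)
    return {
        "excess": sorted(granted - wanted),
        "missing": sorted(wanted - granted),
        "destructive": sorted(s for s in granted if s.endswith(":delete")),
        "returns_data_on_post": sorted(granted & WRITE_RETURNS_DATA),
    }


if __name__ == "__main__":
    need = ["caas:transactions:read"]
    print(build_token_request(need))
    # Constructed response, not real output from the API.
    sample = {"access_token": "PLACEHOLDER", "scope":
              "caas:transactions:read caas:transactions:write caas:users:delete"}
    print(audit_granted(need, sample))
```

A non-empty "excess" or "destructive" list for a read-only integration is a signal to reissue the token with a narrower scope set.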
