Scopes
Permission scopes that gate API operations.
Apps declare a superset of scopes; each authorization grants a subset. The
access token may only call endpoints covered by its granted scopes — calls
missing a scope return 403 insufficient_scope.
| Scope | Grants |
|---|---|
conversations:read | Read conversations |
conversations:write | Create, update, and assign conversations |
messages:read | Read messages |
messages:write | Send, edit, and delete messages |
notes:read | Read internal notes |
notes:write | Add internal notes |
contacts:read | Read contacts and attributes |
contacts:write | Create and update contacts |
segments:read | Read segments |
segments:write | Create, update, and delete segments |
tasks:read | Read tasks |
tasks:write | Create, update, and delete tasks |
users:read | Read team members |
users:write | Invite, update, and remove team members |
organization:read | Read organization details and settings |
organization:write | Update organization details and settings |
For actor=self tokens, scopes are additionally capped by the user's role.
Non-admin members do not get :write scopes that require admin rights, even
if the app requested them.
Request the minimum scopes you need — admins are far more likely to approve a focused permission set.