Scopes let you specify exactly what type of access your application needs. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.

A scope is generally associated with a resource and manages operations on it. Wave uses the naming pattern of resource:operation. Operations can be granted independently of each other, write does not imply read. To request all current and future operations on a resource with a single scope, use the special * operation.

For example, product:read allows read access to a business's products/services. To modify an product, the product:write scope is required. To both read and write products/services, either request product:read and product:write, or only product:*.

Name Description
account:read Read access to Account resource.
account:write Write access to Account resource.
account:* Full access to Account resource.
business:read Read access to Business resource.
business:write Write access to Business resource.
business:* Full access to Business resource.
customer:read Read access to Customer resource.
customer:write Write access to Customer resource.
customer:* Full access to Customer resource.
invoice:read Read access to Invoice resource.
invoice:write Write access to Invoice resource.
invoice:send Send a created Invoice.
invoice:* Full access to Invoice resource.
product:read Read access to Product resource.
product:write Write access to Product resource.
product:* Full access to Product resource.
sales_tax:read Read access to SalesTax resource.
sales_tax:write Write access to SalesTax resource.
sales_tax:* Full access to SalesTax resource.
transaction:write Write access to MoneyTransaction resource.
transaction:* Full access to MoneyTransaction resource.
user:read Read access to User resource.
user:* Full access to User resource.
vendor:read Read access to Vendor resource.
vendor:write Write access to Vendor resource.
vendor:* Full access to Vendor resource.
Updated: