API Scopes

Ordoo applications carry permissions that describe the access level for user-level authentication. App permissions are configured per application.

The following scopes can be set on an applied:

Scope Name

Description

read_orders

Allows access to see the details of orders placed at an authenticated users stores.

Also allows subscriptions to be setup for the following events:

order.created

order.updated

write_orders

Allows you to progress orders placed at an authenticated users stores.

read_menu

Allows access to read collections, products, traits and trait options.

Also allows subscriptions to be setup for the following events:

collection.created

collection.updated

collection.destroyed

product.created

product.updated

product.destroyed

trait.created

trait.updated

trait.destroyed

trait_option.created

trait_option.updated

trait_option.destroyed

write_menu

Allows access to create update or destroy collections, products, traits or trait options.

read_stores

Allows you to see information about authenticated users stores.

write_stores

Allows you to modify information on authenticated users stores such as set tables.

If a permission level is changed, any user tokens already issued to that Ordoo app must be discarded and users must re-authorise the application in order for the token to inherit the updated permissions.

A good practice is to request only the minimum level of access to a customers data that the application requires.