Skip to main content
Each API key carries a set of scopes. Endpoints check the key’s scopes before running, and return 403 Forbidden with detail: "API key missing required scopes: ..." if any required scope is missing.

Available scopes

ScopeGrants access to
vouchers:readList vouchers, get a single voucher
vouchers:writeCreate vouchers
vouchers:redeemRedeem (deduct from balance) a voucher
products:readList voucher product designs, get a single product
customers:readList customers, get a single customer
customers:writeCreate and update customers
These six scopes are the complete set. Any other scope value will be rejected when the key is created.

Scope-to-endpoint map

EndpointRequired scope
GET /developer/vouchersvouchers:read
GET /developer/vouchers/{code}vouchers:read
POST /developer/vouchersvouchers:write
POST /developer/vouchers/{code}/redeemvouchers:redeem
GET /developer/productsproducts:read
GET /developer/products/{product_id}products:read
GET /developer/customerscustomers:read
GET /developer/customers/{customer_id}customers:read
POST /developer/customerscustomers:write
PATCH /developer/customers/{customer_id}customers:write

Choosing scopes

Grant a key the minimum scopes it needs for the integration. For example, an in-store redemption terminal typically only needs vouchers:read and vouchers:redeem; it does not need vouchers:write or any customer scope.