OAuth 2.0 Scopes
This document provides a comprehensive listing of OAuth 2.0 scopes required to access API endpoints and webhook events.
The scope table organizes access permissions across multiple feature areas including:
- Business Management: businesses (read/write)
- Calendar Operations: calendars, groups, resources, and events (read/write)
- Contact Management: contacts with tasks, notes, and campaign associations
- Conversations: messaging, recordings, and transcriptions
- Financial: invoices, payments, subscriptions, and transactions
- Marketing: campaigns, forms, workflows, and social media posting
- Content: blogs, courses, emails, and surveys
- Administrative: users, locations, and custom fields/values
Access Types
The scopes are designated for two primary access levels:
- Sub-Account: Standard operational access for account users
- Agency: Administrative access for agency-level management
The scopes specify which endpoints require read (readonly) versus write permissions, and list associated webhook events where applicable. Each scope grants access to specific HTTP methods (GET, POST, PUT, DELETE, PATCH) on designated endpoints.
Scopes follow the format:
resource/action.permission
conversations/message.readonly
conversations/message.write
scope=conversations/message.readonly contacts.readonly calendars.write
Last modified on March 4, 2026
.png?fit=max&auto=format&n=EQK5eX9kTD8NzWwA&q=85&s=878008bf159fcc4964d0c0d508b6e400)