Permissions scopes

There are a number of different permission scopes in the Foxy API. Each permission scope can have write or read permissions, along with a third permission of resend which is only used for a couple specific endpoints (as noted below).

The scopes follow the format of resource_read, resource_write or resource_resend. The *_read permission is only for performing GET and OPTIONS requests. The *_write permission is for POST, PUT, PATCH and DELETE requests but it also inherits the *_read permissions too.

There is also a store_full_access scope, which bypassess all the permissions and grants access to every resource on the store.

Below is the list of the different scopes and which endpoints require them:

Cart

Scopes: carts_read, carts_write

  • /applied_coupon_codes/{id}
  • /applied_taxes/{id}
  • /cart_attributes/{id}
  • /cart_custom_fields/{id}
  • /carts/{id}/applied_coupon_codes
  • /carts/{id}/attributes
  • /carts/{id}/cart_custom_fields
  • /carts/{id}/discounts
  • /carts/{id}/items
  • /carts/{id}/session
  • /carts/{id}
  • /coupon_details/{id}
  • /discount_details/{id}
  • /discounts/{id}
  • /item_attributes/{id}
  • /item_options/{id}
  • /items/{id}/attributes
  • /items/{id}/coupon_details
  • /items/{id}/discount_details
  • /items/{id}/item_options
  • /items/{id}
  • /stores/{id}/carts
  • /transaction_custom_fields/{id}
  • /transactions/{id}/discounts
  • /transactions/{id}/transaction_custom_fields

Client

Scopes: clients_read, clients_write

  • /client_attributes/{id}
  • /clients/{id}/attributes
  • /clients/{id}
  • /users

Coupon

Scopes: coupons_read, coupons_write

  • /coupon_code_transactions/{id}
  • /coupon_codes/{id}/transactions
  • /coupon_codes/{id}
  • /coupon_item_categories/{id}
  • /coupons/{id}/codes
  • /coupons/{id}/generate_codes
  • /coupons/{id}/item_categories
  • /coupons/{id}
  • /stores/{id}/coupons

Customer

Scopes: customers_read, customers_write

  • /customer_addresses/{id}
  • /customer_attributes/{id}
  • /customers/{id}/addresses
  • /customers/{id}/attributes
  • /customers/{id}/default_billing_address
  • /customers/{id}/default_payment_method
  • /customers/{id}/default_shipping_address
  • /customers/{id}
  • /stores/{id}/customers

Customer Portal Setting

Scopes: customer_porta_settings_read, customer_porta_settings_write

  • /stores/{id}/customer_portal_settings

Downloadable

Scopes: downloadables_read, downloadables_write

  • /downloadables/{id}
  • /item_categories/{id}/downloadables
  • /stores/{id}/downloadables

Gift Card

Scopes: gift_cards_read, gift_cards_write

  • /gift_card_code_log_detail/{id}
  • /gift_card_codes/{id}/logs
  • /gift_card_codes/{id}
  • /gift_card_item_categories/{id}
  • /gift_cards/{id}/codes
  • /gift_cards/{id}/generate_codes
  • /gift_cards/{id}/item_categories
  • /gift_cards/{id}
  • /stores/{id}/gift_card_codes
  • /stores/{id}/gift_cards
  • /transactions/{id}/gift_card_code_logs

Integration

Scopes: integrations_read, integrations_write

  • /integrations/{ecrypted_token}
  • /stores/{id}/integrations

Item Category

Scopes: item_categories_read, item_categories_write

  • /item_categories/{id}
  • /stores/{id}/item_categories

Payment Setting

Scopes: payment_settings_read, payment_settings_write

  • /fraud_protections/{id}
  • /hosted_payment_gateways/{id}/connect_gateway
  • /hosted_payment_gateways/{id}
  • /native_integrations/{id}
  • /payment_gateways/{id}
  • /payment_method_set_fraud_protections/{id}
  • /payment_method_set_hosted_payment_gateways/{id}
  • /payment_method_sets/{id}/connect_gateway
  • /payment_method_sets/{id}/fraud_protections
  • /payment_method_sets/{id}/hosted_payment_gateways
  • /payment_method_sets/{id}
  • /stores/{id}/fraud_protections
  • /stores/{id}/hosted_payment_gateways
  • /stores/{id}/native_integrations
  • /stores/{id}/payment_gateways
  • /stores/{id}/payment_method_sets
  • /transactions/{id}/native_integrations

Reporting

Scopes: reporting_read, reporting_write

  • /error_entries/{id}
  • /payment_methods_expiring/{id}
  • /report/{id}
  • /stores/{id}/error_entries
  • /stores/{id}/payment_methods_expiring
  • /stores/{id}/reports

Shipping Setting

Scopes: shipping_settings_read, shipping_settings_write

  • /store_shipping_methods/{id}/store_shipping_services
  • /store_shipping_methods/{id}
  • /stores/{id}/store_shipping_methods

Store

Scopes: stores_read, stores_write

  • /customers/token_exchange
  • /encode
  • /reporting/store_domain_exists
  • /store_attributes/{id}
  • /stores/{id}/attributes
  • /stores/{id}

StoreUserAccess

Scopes: store_user_accesses_read, store_user_accesses_write

  • /reporting/email_exists
  • /stores/{id}/user_accesses
  • /user_accesses/{id}

Subscription

Scopes: subscriptions_read, subscriptions_write

  • /stores/{id}/subscriptions
  • /subscription_attributes/{id}
  • /subscriptions/{id}/attributes
  • /subscriptions/{id}

Subscription Setting

Scopes: subscription_settings_read, subscription_settings_write

  • /store_subscription_settings/{id}

Tax Setting

Scopes: tax_settings_read, tax_settings_write

  • /item_categories/{id}/tax_item_categories
  • /native_integrations/{id}
  • /stores/{id}/native_integrations
  • /stores/{id}/taxes
  • /tax_item_categories/{id}
  • /taxes/{id}/tax_item_categories
  • /taxes/{id}
  • /transactions/{id}/native_integrations

Template

Scopes: templates_read, templates_write

  • /{type}_templates/{id}/cache
  • /cart_include_templates/{id}/template_sets
  • /cart_include_templates/{id}
  • /cart_templates/{id}/template_sets
  • /cart_templates/{id}
  • /checkout_templates/{id}/template_sets
  • /checkout_templates/{id}
  • /email_templates/{id}/template_sets
  • /email_templates/{id}
  • /language_overrides/{id}
  • /receipt_templates/{id}/template_sets
  • /receipt_templates/{id}
  • /stores/{id}/cart_include_template
  • /stores/{id}/cart_templates
  • /stores/{id}/checkout_templates
  • /stores/{id}/email_templates
  • /stores/{id}/receipt_templates
  • /stores/{id}/template_configs
  • /stores/{id}/template_sets
  • /template_configs/{id}/template_sets
  • /template_configs/{id}
  • /template_sets/{id}/language_overrides
  • /template_sets/{id}

Transaction

Scopes: transactions_read, transactions_write, transactions_resend*

  • /applied_coupon_codes/{id}
  • /applied_taxes/{id}
  • /carts/{id}/discounts
  • /coupon_details/{id}
  • /discount_details/{id}
  • /discounts/{id}
  • /downloadable_purchases/{id}
  • /item_attributes/{id}
  • /item_options/{id}
  • /items/{id}/attributes
  • /items/{id}/coupon_details
  • /items/{id}/discount_details
  • /items/{id}/item_options
  • /items/{id}
  • /payments/{id}
  • /shipment_attributes/{id}
  • /shipment_custom_fields/{id}
  • /shipments/{id}/attributes
  • /shipments/{id}/shipment_custom_fields
  • /shipments/{id}
  • /stores/{id}/downloadable_purchases
  • /stores/{id}/transaction_journal_entries
  • /stores/{id}/transactions
  • /transaction_attributes/{id}
  • /transaction_custom_fields/{id}
  • /transaction_journal_entries/{id}
  • /transaction_log_details/{id}
  • /transaction_logs/{id}/transaction_log_details
  • /transaction_logs/{id}
  • /transactions/{id}/{transaction_action}
  • /transactions/{id}/applied_taxes
  • /transactions/{id}/attributes
  • /transactions/{id}/billing_address
  • /transactions/{id}/billing_addresses
  • /transactions/{id}/discounts
  • /transactions/{id}/items
  • /transactions/{id}/items
  • /transactions/{id}/journal_entries
  • /transactions/{id}/payments
  • /transactions/{id}/send_emails * requires resend permission
  • /transactions/{id}/send_taxes
  • /transactions/{id}/shipment
  • /transactions/{id}/shipments
  • /transactions/{id}/transaction_custom_fields
  • /transactions/{id}/transaction_logs
  • /transactions/{id}/update_status_from_gateway
  • /transactions/{id}

User

Scopes: users_read, users_write

  • /stores/{id}/users
  • /user_attributes/{id}
  • /users/{id}/attributes
  • /users/{id}/stores
  • /users/{id}

Webhook

Scopes: webhooks_read, webhooks_write, webhooks_resend*

  • /customers/{id}/send_webhooks * requires resend permission
  • /native_integrations/{id}
  • /stores/{id}/native_integrations
  • /stores/{id}/process_subscription_webhook * requires resend permission
  • /stores/{id}/send_webhooks * requires resend permission
  • /stores/{id}/webhook_statuses
  • /stores/{id}/webhooks
  • /subscriptions/{id}/send_webhooks * requires resend permission
  • /transactions/{id}/native_integrations_logs
  • /transactions/{id}/native_integrations
  • /transactions/{id}/process_webhook * requires resend permission
  • /transactions/{id}/send_webhooks * requires resend permission
  • /webhook_logs/{id}
  • /webhook_statuses/{id}
  • /webhooks/{id}/logs
  • /webhooks/{id}/statuses
  • /webhooks/{id}