Skip to main content

Scopes

Scopes are used to limit the amount of information that is returned from the API. The scope of a given token can be decreased at any time, but it cannot be increased and any removed scopes cannot be recovered without re-authenticating.

Service integration scopes

Service integrations are granted a set of scopes at the time of creation. Approved scopes cannot be changed without updating the integration in Housekeeping. The following scopes are available for use with service integrations:

ScopeDescription
user:readRead-only access to user data
user:roles:updateAccess to updating user roles data
registration:readRead-only access to registration data
volunteer:readRead-only access to volunteer data

OBO scopes

On Behalf Of (OBO) integrations are granted a set of scopes at the time of authentication by the end-user. Scopes can be dropped when they are no longer required by passing a subset of approved scopes in the token refresh flow. Additional scopes can be requested by re-authenticating the end-user.

The following scopes are available for use with OBO integrations:

ScopeDescriptionAdditional Info
pii:basicRead-only access to user's basic account data
pii:emailRead-only access to user's email address
pii:phoneRead-only access to user's phone number
pii:addressRead-only access to user's address
pii:finance:readRead-only access to user's order history
con:readRead-only access to user's attendee registration
admin:ticket:readRead-only access to all QuikTicket™ ticketsRequires administrator permission
admin:ticket:scanMark a QuikTicket™ ticket as scannedRequires administrator permission