Scopes
Complete reference of available OAuth scopes and the data they grant access to.
Scopes define what data an OAuth application can access. Request only the scopes your integration needs.
Available scopes
| Scope | Description |
|---|---|
read | General read access to the authorized school's data |
write | General write access to the authorized school's data |
courses:read | Read course details, curriculum, and enrollment data |
courses:write | Create, update, and delete courses |
students:read | Read student profiles and progress data |
students:write | Create and update student records, manage enrollments |
analytics:read | Read analytics and reporting data |
curriculum:read | Read curriculum structure (lessons, chapters, materials) |
curriculum:write | Create and update curriculum content |
orders:read | Read order and payment data |
school:read | Read school configuration and settings |
Requesting scopes
Include the desired scopes as a space-separated list in the scope parameter of the authorization request:
/oauth/authorize?scope=read+courses:read+students:read&...Scope hierarchy
The read and write scopes provide broad access. The more specific scopes (e.g., courses:read) can be used when your integration only needs access to a particular resource type.
Use the most restrictive scopes possible for your use case. This follows the principle of least privilege and makes the consent screen clearer for users.
Admin scopes
The admin:read and admin:write scopes are reserved for platform administrators and are not available to third-party applications. They are excluded from the discovery endpoint and dynamic client registration responses.