Skip to main content

Overview

Scopes define what operations an API key can perform. When creating an API key, you assign specific scopes to limit its access to only the resources it needs.
Principle of least privilege: Always assign the minimum scopes required for your integration to function.

Available Scopes

Contacts

ScopeDescription
contacts:readList and retrieve contact details
contacts:writeCreate, update, and delete contacts
contacts:*All contact permissions
Endpoints:
  • GET /api/v1/contacts - requires contacts:read
  • POST /api/v1/contacts - requires contacts:write
  • GET /api/v1/contacts/:id - requires contacts:read
  • PATCH /api/v1/contacts/:id - requires contacts:write
  • DELETE /api/v1/contacts/:id - requires contacts:write

Surveys

ScopeDescription
surveys:readList and retrieve survey details
surveys:writeCreate, update, and delete surveys
surveys:sendTrigger survey sends to contacts
surveys:*All survey permissions
Endpoints:
  • GET /api/v1/surveys - requires surveys:read
  • POST /api/v1/surveys - requires surveys:write
  • GET /api/v1/surveys/:id - requires surveys:read
  • PATCH /api/v1/surveys/:id - requires surveys:write
  • DELETE /api/v1/surveys/:id - requires surveys:write

Sequences

ScopeDescription
sequences:readList and retrieve sequence details
sequences:executeTrigger sequences for contacts
sequences:*All sequence permissions
Endpoints:
  • GET /api/v1/sequences - requires sequences:read
  • GET /api/v1/sequences/:id - requires sequences:read
  • POST /api/v1/sequences/:id/execute - requires sequences:execute

Responses

ScopeDescription
responses:readList and retrieve survey responses
responses:*All response permissions
Endpoints:
  • GET /api/v1/responses - requires responses:read
  • GET /api/v1/responses/:id - requires responses:read

Reviews

ScopeDescription
reviews:readList and retrieve customer reviews
reviews:writeCreate and update review replies
reviews:*All review permissions
Endpoints:
  • GET /api/v1/reviews - requires reviews:read
  • GET /api/v1/reviews/:id - requires reviews:read
  • POST /api/v1/reviews/:id/reply - requires reviews:write
  • PATCH /api/v1/reviews/:id/reply - requires reviews:write

Webhooks

ScopeDescription
webhooks:readList and retrieve webhook configurations
webhooks:writeCreate, update, and delete webhooks
webhooks:*All webhook permissions

Admin

ScopeDescription
adminFull access to all resources (use sparingly)
The admin scope grants unrestricted access to your entire organization’s data. Only use this for internal tools or trusted integrations.

Wildcard Scopes

You can use wildcards to grant all permissions for a resource:
  • contacts:* - All contact operations (read + write)
  • surveys:* - All survey operations (read + write + send)
  • sequences:* - All sequence operations (read + execute)

Scope Checking

When an API key doesn’t have the required scope, you’ll receive: Status: 403 Forbidden 
{
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "This API key does not have the required scope: contacts:write",
    "requiredScope": "contacts:write",
    "availableScopes": ["contacts:read", "surveys:read"]
  }
}

Common Scope Combinations

For dashboards that display metrics but don’t modify data:
["responses:read", "reviews:read", "contacts:read"]
For two-way contact synchronization with your CRM:
["contacts:read", "contacts:write", "responses:read"]
For triggering surveys and sequences based on customer actions:
["contacts:write", "sequences:execute", "responses:read"]
For monitoring and responding to customer reviews:
["reviews:read", "reviews:write"]

Next Steps

Authentication

Learn how to create API keys

Quick Start

Make your first API call