OAuth scopes

Every OAuth access token has a scope. Scopes limit the access you have to your customer's account resources.

Currently, you cannot change the scope of an existing OAuth client. If you have an access token with a given scope, but want to make API requests outside that scope, you need to register a new OAuth client and request access to your customer's account resources.

The following scopes are available:

• Viewing webhooks
• Viewing and editing webhooks
• Make online payments
  • Integrating online payments using OAuth
    • Step 1: Add allowed origins
    • Step 2: Generate a client key
    • Step 3: Retrieve your URL prefix
• Tokenize payment details
• Handle raw card data
• Manage payment links
• Modify account settings

Viewing webhooks

Scope identifier: psp.webhook:read

Lets you view webhook configurations for your customer's merchant account.

Gives access to the following Management API requests:

• GET /merchants/{merchantId}/webhooks
• GET /merchants/{merchantId}/webhooks/{webhookId}
• POST /merchants/{merchantId}/webhooks/{webhookId}/test

Viewing and editing webhooks

Scope identifier: psp.webhook:write

Lets you view, create, edit, and delete webhook configurations for your customer's merchant account.

Gives access to the following Management API requests:

• GET /merchants/{merchantId}/webhooks
• GET /merchants/{merchantId}/webhooks/{webhookId}
• POST /merchants/{merchantId}/webhooks/{webhookId}/test
• POST /merchants/{merchantId}/webhooks
• PATCH /merchants/{merchantId}/webhooks/{webhookId}
• DELETE /merchants/{merchantId}/webhooks/{webhookId}

Make online payments

Scope identifier: psp.onlinepayment:write

Lets you process online payments on behalf of your customer.

This scope does not let you:

• Tokenize payment details
• Handle raw card data
• Manage payment links

Request these scopes separately.

Gives access to the following Management API requests:

• POST /me/allowedOrigins
• POST /me/generateClientKey /me/generateClientKey

Gives access to the following Checkout API request groups:

• Payments
• Modifications
• Recurring (only GET /storedPaymentMethods ). Requires Checkout v70.
• Orders
• Utility

Integrating online payments using OAuth

When integrating online payments using OAuth, remember that OAuth is simply an alternative method of authenticating API requests. This means all our online payments documentation still applies.

However, because OAuth doesn't grant you access to your customers' Customer Area, you can only set up the resources for client-side authentication through our APIs, outlined in the step below:

Step 1: Add allowed origins

Allowed origins are domains from which you make client-side requests. This means you need to add the domains on which you are accepting payments as allowed origins. To do so, make a POST request to the /me/allowedOrigins endpoint.

Step 2: Generate a client key

When using Components or Drop-in to accept payments online, you need a client key for client-side authentication.

To generate your client key, make a POST request to the /me/generateClientKey endpoint:

Parameter name	Required	Description
ADYEN_MANAGEMENT_API_BASE_URL		The base URL of the Management API: For test environment, set to management-test.adyen.com. For live environment, set to management-live.adyen.com.

curl --request POST 'https://{ADYEN_MANAGEMENT_API_BASE_URL}/v3/me/generateClientKey' \
--header 'Authorization: Bearer {ACCESS_TOKEN}' \
--header 'Content-Type: application/json'

Step 3: Retrieve your URL prefix

The URLs of our payment APIs have account-specific prefixes for our live environment. To make API requests to process payments on behalf of your customer, you need their account-specific prefix.

To retrieve your customer's account-specific, make a GET request to the /merchants/{merchantId} endpoint. In the response, the livePrefix is in the dataCenters array:

[...]
"dataCenters": [
    {
        "name": "",
        "livePrefix": ""
    }
],
[...]

Tokenize payment details

Scope identifier: psp.onlinepayment.tokenization:write

Extends the functionality of the psp.onlinepayment:write scope by letting you tokenize a shopper's payment details to process recurring payments.

Furthermore, the scope gives you access to the Recurring requests of the Checkout API, which let you list and delete stored tokens.

Handle raw card data

Scope identifier: psp.rawcarddata:write

Extends the functionality of the psp.onlinepayment:write scope by enabling you to submit raw card data.

This scope is disabled by default and requires PCI-DSS Self-Assessment Questionnaire D. To enable, contact your account manager.

Manage payment links

Scope identifier: psp:paybylink:write

Lets you create and update payment links.

To tokenize a shopper's payment details using payment link, you need also need:

• Tokenize payment details scope
• Make online payments scope

In case you want to tokenize your shopper's payment details, you need the scope psp.onlinepayment.tokenization:write and psp.onlinepayment:write in order to make subsequent recurring payments.

Modify account settings

Scope identifier: psp.accountsettings:write

Lets you modify merchant account settings.

Gives access to the following API request:

• GET /merchants/{merchantId}