{"title":"OAuth scopes","category":"default","creationDate":1776961629,"content":"<p>Every OAuth access token has a scope. Scopes limit the access you have to your customer's account resources.<\/p>\n<p>Currently, you cannot change the scope of an existing OAuth client. If you have an access token with a given scope, but want to make API requests outside that scope, you need to <a href=\"\/pt\/partners\/oauth\/integration#step-1-register-your-client\">register a new OAuth client<\/a> and request access to your customer's account resources.<\/p>\n<p>The following scopes are available:<\/p>\n<ul>\n<li><a href=\"#viewing-webhooks\">Viewing webhooks<\/a><\/li>\n<li><a href=\"#viewing-and-editing-webhooks\">Viewing and editing webhooks<\/a><\/li>\n<li><a href=\"#make-online-payments\">Make online payments<\/a>\n<ul>\n<li><a href=\"#integrating-online-payments-using-oauth\">Integrating online payments using OAuth<\/a>\n<ul>\n<li><a href=\"#step-1-add-allowed-origins\">Step 1: Add allowed origins<\/a><\/li>\n<li><a href=\"#step-2-generate-a-client-key\">Step 2: Generate a client key<\/a><\/li>\n<li><a href=\"#step-3-retrieve-your-url-prefix\">Step 3: Retrieve your URL prefix<\/a><\/li>\n<\/ul><\/li>\n<\/ul><\/li>\n<li><a href=\"#tokenize-payment-details\">Tokenize payment details<\/a><\/li>\n<li><a href=\"#handle-raw-card-data\">Handle raw card data<\/a><\/li>\n<li><a href=\"#manage-payment-links\">Manage payment links<\/a><\/li>\n<li><a href=\"#modify-account-settings\">Modify account settings<\/a><\/li>\n<\/ul>\n<h2>Viewing webhooks<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.webhook:read<\/code><\/p>\n<p>Lets you view webhook configurations for your customer's merchant account.<\/p>\n<p>Gives access to the following Management API requests:<\/p>\n<ul>\n<li>GET  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/get\/merchants\/(merchantId)\/webhooks\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener 
noreferrer\">\/merchants\/{merchantId}\/webhooks<\/a><\/li>\n<li>GET  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/get\/merchants\/(merchantId)\/webhooks\/(webhookId)\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}<\/a><\/li>\n<li>POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/post\/merchants\/(merchantId)\/webhooks\/(webhookId)\/test\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}\/test<\/a><\/li>\n<\/ul>\n<h2>Viewing and editing webhooks<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.webhook:write<\/code><\/p>\n<p>Lets you view, create, edit, and delete webhook configurations for your customer's merchant account.<\/p>\n<p>Gives access to the following Management API requests:<\/p>\n<ul>\n<li>GET  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/get\/merchants\/(merchantId)\/webhooks\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks<\/a><\/li>\n<li>GET  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/get\/merchants\/(merchantId)\/webhooks\/(webhookId)\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}<\/a><\/li>\n<li>POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/post\/merchants\/(merchantId)\/webhooks\/(webhookId)\/test\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}\/test<\/a><\/li>\n<li>POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/post\/merchants\/(merchantId)\/webhooks\" class=\"codeLabel  external-link no-image\" 
target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks<\/a><\/li>\n<li>PATCH  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/patch\/merchants\/(merchantId)\/webhooks\/(webhookId)\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}<\/a><\/li>\n<li>DELETE  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/delete\/merchants\/(merchantId)\/webhooks\/(webhookId)\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}\/webhooks\/{webhookId}<\/a><\/li>\n<\/ul>\n<h2>Make online payments<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.onlinepayment:write<\/code><\/p>\n<p>Lets you process online payments on behalf of your customer.<\/p>\n<p>This scope does not let you:<\/p>\n<ul>\n<li><a href=\"#tokenize-payment-details\">Tokenize payment details<\/a><\/li>\n<li><a href=\"#handle-raw-card-data\">Handle raw card data<\/a><\/li>\n<li><a href=\"#manage-payment-links\">Manage payment links<\/a><\/li>\n<\/ul>\n<p>Request these scopes separately.<\/p>\n<p>Gives access to the following Management API requests:<\/p>\n<ul>\n<li>POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/post\/me\/allowedOrigins\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/me\/allowedOrigins<\/a><\/li>\n<li>POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/post\/me\/generateClientKey\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/me\/generateClientKey<\/a><\/li>\n<\/ul>\n<p>Gives access to the following <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/70\/overview\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener 
noreferrer\">Checkout API<\/a> request groups:<\/p>\n<ul>\n<li>Payments<\/li>\n<li>Modifications<\/li>\n<li>Recurring (only GET <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/70\/get\/storedPaymentMethods\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\n  <code>\/storedPaymentMethods<\/code>\n<\/a>). Requires Checkout v70.<\/li>\n<li>Orders<\/li>\n<li>Utility<\/li>\n<\/ul>\n<h3>Integrating online payments using OAuth<\/h3>\n<p>When integrating online payments using OAuth, remember that OAuth is simply an alternative method of authenticating API requests. This means all our <a href=\"\/pt\/online-payments\">online payments documentation<\/a> still applies.<\/p>\n<p>However, because OAuth doesn't grant you access to your customers' Customer Area, you can only set up the resources for client-side authentication through our APIs, outlined in the steps below:<\/p>\n<h4>Step 1: Add allowed origins<\/h4>\n<p><a href=\"\/pt\/development-resources\/client-side-authentication#allowed-origins\">Allowed origins<\/a> are domains from which you make client-side requests. This means you need to add the domains on which you are accepting payments as allowed origins. 
To do so, make a POST request to the <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/1\/post\/me\/allowedOrigins\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\n  <code>\/me\/allowedOrigins<\/code>\n<\/a> endpoint.<\/p>\n<h4>Step 2: Generate a client key<\/h4>\n<p>When using Components or Drop-in to accept payments online, you need a client key for <a href=\"\/pt\/development-resources\/client-side-authentication\">client-side authentication<\/a>.<\/p>\n<p>To generate your client key, make a POST request to the <code>\/me\/generateClientKey<\/code> endpoint:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter name<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><em>ADYEN_MANAGEMENT_API_BASE_URL<\/em><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The base URL of the Management API: <br \/> <ul><li>For test environment, set to <code>management-test.adyen.com<\/code>.<\/li><li>For live environment, set to <code>management-live.adyen.com<\/code>.<\/li><\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<pre><code class=\"language-bash\">curl --request POST 'https:\/\/{ADYEN_MANAGEMENT_API_BASE_URL}\/v3\/me\/generateClientKey' \\\n--header 'Authorization: Bearer {ACCESS_TOKEN}' \\\n--header 'Content-Type: application\/json'<\/code><\/pre>\n<h4>Step 3: Retrieve your URL prefix<\/h4>\n<p>The URLs of our payment APIs have <a href=\"\/pt\/development-resources\/live-endpoints\">account-specific prefixes<\/a> for our live environment. 
To make API requests to process payments on behalf of your customer, you need their account-specific prefix.<\/p>\n<p>To retrieve your customer's account-specific prefix, make a GET request to the  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Management\/latest\/get\/merchants\/(merchantId)\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/merchants\/{merchantId}<\/a> endpoint. In the response, the <code>livePrefix<\/code> is in the <code>dataCenters<\/code> array:<\/p>\n<div class=\"sc-notice info\"><div>\n<p>The <code>merchantId<\/code> that you need to pass as a query parameter can be found in the <a href=\"\/pt\/partners\/oauth\/integration#handle-the-response\">response of code exchange<\/a> for <code>accounts<\/code>.<\/p>\n<\/div><\/div>\n<pre><code class=\"language-json\">[...]\n\"dataCenters\": [\n    {\n        \"name\": \"\",\n        \"livePrefix\": \"\"\n    }\n],\n[...]<\/code><\/pre>\n<h2>Tokenize payment details<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.onlinepayment.tokenization:write<\/code><\/p>\n<p>Extends the functionality of the <code>psp.onlinepayment:write<\/code> scope by letting you <a href=\"\/pt\/online-payments\/tokenization\">tokenize a shopper's payment details<\/a> to process recurring payments.<\/p>\n<p>Furthermore, the scope gives you access to the <strong>Recurring<\/strong> requests of the <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/70\/overview\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Checkout API<\/a>, which let you list and delete stored tokens.<\/p>\n<div class=\"sc-notice warning\"><div>\n<p>This scope does <em>not<\/em> let you tokenize payment details through the <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Recurring\/latest\/overview\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Recurring 
API<\/a>.<\/p>\n<\/div><\/div>\n<h2>Handle raw card data<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.rawcarddata:write<\/code><\/p>\n<p>Extends the functionality of the <code>psp.onlinepayment:write<\/code> scope by enabling you to submit raw card data.<\/p>\n<p>This scope is disabled by default and <a href=\"\/pt\/development-resources\/pci-dss-compliance-guide?tab=api_only_4#online-payments\">requires PCI-DSS Self-Assessment Questionnaire D<\/a>. To enable, contact your account manager.<\/p>\n<h2>Manage payment links<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp:paybylink:write<\/code><\/p>\n<p>Lets you create and update <a href=\"\/pt\/unified-commerce\/pay-by-link\">payment links<\/a>.<\/p>\n<p>To tokenize a shopper's payment details using a payment link, you also need:<\/p>\n<ul>\n<li><a href=\"#tokenize-payment-details\">Tokenize payment details<\/a> scope<\/li>\n<li><a href=\"#make-online-payments\">Make online payments<\/a> scope<\/li>\n<\/ul>\n<p>In case you want to tokenize your shopper's payment details, you need the scope <code>psp.onlinepayment.tokenization:write<\/code> and <code>psp.onlinepayment:write<\/code> in order to make subsequent recurring payments.<\/p>\n<h2>Modify account settings<\/h2>\n<p><strong>Scope identifier<\/strong>: <code>psp.accountsettings:write<\/code><\/p>\n<p>Lets you modify merchant account settings.<\/p>\n<p>Gives access to the following API request:<\/p>\n<ul>\n<li>GET <code>\/merchants\/{merchantId}<\/code><\/li>\n<\/ul>","url":"https:\/\/docs.adyen.com\/pt\/partners\/oauth\/scopes","articleFields":{"description":"Limit your application's access to your customer's resources.","feedback_component":true,"robots":"noindex,nofollow"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/partners\/oauth\/scopes","title":"OAuth scopes","content":"Every OAuth access token has a scope. 
Scopes limit the access you have to your customer's account resources.\nCurrently, you cannot change the scope of an existing OAuth client. If you have an access token with a given scope, but want to make API requests outside that scope, you need to register a new OAuth client and request access to your customer's account resources.\nThe following scopes are available:\n\nViewing webhooks\nViewing and editing webhooks\nMake online payments\n\nIntegrating online payments using OAuth\n\nStep 1: Add allowed origins\nStep 2: Generate a client key\nStep 3: Retrieve your URL prefix\n\n\nTokenize payment details\nHandle raw card data\nManage payment links\nModify account settings\n\nViewing webhooks\nScope identifier: psp.webhook:read\nLets you view webhook configurations for your customer's merchant account.\nGives access to the following Management API requests:\n\nGET  \/merchants\/{merchantId}\/webhooks\nGET  \/merchants\/{merchantId}\/webhooks\/{webhookId}\nPOST  \/merchants\/{merchantId}\/webhooks\/{webhookId}\/test\n\nViewing and editing webhooks\nScope identifier: psp.webhook:write\nLets you view, create, edit, and delete webhook configurations for your customer's merchant account.\nGives access to the following Management API requests:\n\nGET  \/merchants\/{merchantId}\/webhooks\nGET  \/merchants\/{merchantId}\/webhooks\/{webhookId}\nPOST  \/merchants\/{merchantId}\/webhooks\/{webhookId}\/test\nPOST  \/merchants\/{merchantId}\/webhooks\nPATCH  \/merchants\/{merchantId}\/webhooks\/{webhookId}\nDELETE  \/merchants\/{merchantId}\/webhooks\/{webhookId}\n\nMake online payments\nScope identifier: psp.onlinepayment:write\nLets you process online payments on behalf of your customer.\nThis scope does not let you:\n\nTokenize payment details\nHandle raw card data\nManage payment links\n\nRequest these scopes separately.\nGives access to the following Management API requests:\n\nPOST  \/me\/allowedOrigins\nPOST  \/me\/generateClientKey\n\nGives 
access to the following Checkout API request groups:\n\nPayments\nModifications\nRecurring (only GET \n  \/storedPaymentMethods\n). Requires Checkout v70.\nOrders\nUtility\n\nIntegrating online payments using OAuth\nWhen integrating online payments using OAuth, remember that OAuth is simply an alternative method of authenticating API requests. This means all our online payments documentation still applies.\nHowever, because OAuth doesn't grant you access to your customers' Customer Area, you can only set up the resources for client-side authentication through our APIs, outlined in the steps below:\nStep 1: Add allowed origins\nAllowed origins are domains from which you make client-side requests. This means you need to add the domains on which you are accepting payments as allowed origins. To do so, make a POST request to the \n  \/me\/allowedOrigins\n endpoint.\nStep 2: Generate a client key\nWhen using Components or Drop-in to accept payments online, you need a client key for client-side authentication.\nTo generate your client key, make a POST request to the \/me\/generateClientKey endpoint:\n\n\n\nParameter name\nRequired\nDescription\n\n\n\n\nADYEN_MANAGEMENT_API_BASE_URL\n\nThe base URL of the Management API:  For test environment, set to management-test.adyen.com.For live environment, set to management-live.adyen.com.\n\n\n\ncurl --request POST 'https:\/\/{ADYEN_MANAGEMENT_API_BASE_URL}\/v3\/me\/generateClientKey' \\\n--header 'Authorization: Bearer {ACCESS_TOKEN}' \\\n--header 'Content-Type: application\/json'\nStep 3: Retrieve your URL prefix\nThe URLs of our payment APIs have account-specific prefixes for our live environment. To make API requests to process payments on behalf of your customer, you need their account-specific prefix.\nTo retrieve your customer's account-specific prefix, make a GET request to the  \/merchants\/{merchantId} endpoint. 
In the response, the livePrefix is in the dataCenters array:\n\nThe merchantId that you need to pass as a query parameter can be found in the response of code exchange for accounts.\n\n[...]\n\"dataCenters\": [\n    {\n        \"name\": \"\",\n        \"livePrefix\": \"\"\n    }\n],\n[...]\nTokenize payment details\nScope identifier: psp.onlinepayment.tokenization:write\nExtends the functionality of the psp.onlinepayment:write scope by letting you tokenize a shopper's payment details to process recurring payments.\nFurthermore, the scope gives you access to the Recurring requests of the Checkout API, which let you list and delete stored tokens.\n\nThis scope does not let you tokenize payment details through the Recurring API.\n\nHandle raw card data\nScope identifier: psp.rawcarddata:write\nExtends the functionality of the psp.onlinepayment:write scope by enabling you to submit raw card data.\nThis scope is disabled by default and requires PCI-DSS Self-Assessment Questionnaire D. To enable, contact your account manager.\nManage payment links\nScope identifier: psp:paybylink:write\nLets you create and update payment links.\nTo tokenize a shopper's payment details using a payment link, you also need:\n\nTokenize payment details scope\nMake online payments scope\n\nIn case you want to tokenize your shopper's payment details, you need the scope psp.onlinepayment.tokenization:write and psp.onlinepayment:write in order to make subsequent recurring payments.\nModify account settings\nScope identifier: psp.accountsettings:write\nLets you modify merchant account settings.\nGives access to the following API request:\n\nGET \/merchants\/{merchantId}\n","type":"page","locale":"pt","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Partners","lvl2":"OAuth","lvl3":"OAuth 
scopes"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/partners","lvl2":"https:\/\/docs.adyen.com\/pt\/partners\/oauth","lvl3":"\/pt\/partners\/oauth\/scopes"},"levels":4,"category":"","category_color":"","tags":["OAuth","scopes"]}}
