API Integration Permission Scopes

To let your API integration access Marketing Cloud Engagement functionality, assign it permissions, or scopes, in Installed Packages. Assign only the scopes that your package needs. A scope usually represents a collection of related permissions and behaviors. Review REST Permissions and Scopes to see how these scopes map to permission IDs and API resources.

Server-to-server integrations using the client credentials grant type perform tasks on behalf of the integration. The scopes that are assigned to these integrations represent the functionality that the integration can access.

Web app and public app integrations using the authorization code grant type perform tasks on behalf of an end user and use the intersection of the app’s permissions and the user’s permissions. The scopes that are assigned to these integrations represent which features the integration can access. However, the scopes don’t account for the functionality that the end user can access. Request and compare scopes against user permissions by calling the v2/userinfo resource after your app completes the authorization code flow.

Email

Enables email message management and sending. Available scopes: Read, Write, and Send.

OTT

Enables Chat message management and sending. Available scopes: Read and Send.

Push

Enables Push message management and sending. Available scopes: Read, Write, and Send

SMS

Enables SMS message management and sending. Available scopes: Read, Write, and Send.

Social

Available scopes: Read, Write, Publish, and Post.

Web

Available scopes: Read, Write, and Publish.

Documents and Images

Enables management of documents and images in the portfolio or image library. Available scopes: Read and Write.

Saved Content

Enables management of content saved in content areas, surveys, and coupons. Available scopes: Read and Write.

Automations

Enables management of Programs and activities. Available scopes: Read, Write, and Execute.

Journeys (Interactions)

Enables management of Journeys. Available scopes: Read, Write, and Execute.

Audiences

Available scopes: Read and Write

Lists and Subscribers

Enables management of subscribers, lists, groups, filters, measures, and preference management. Available scopes: Read, Write

Data Extensions

Enables management of data extensions and relationships. Available scopes: Read and Write.

File Locations

Available scopes: Read, Write

Tracking Events

Enables management of tracking event data associated with channels. Available scope: Read

Approvals

Enables management of approval items. Can edit and delete approval comments. Can enable approvals for any channel. Available scope: Write.

Calendar

Enables management of calendar events. Available scopes: Read and Write.

Campaign

Enables management of campaigns. Available scopes: Read and Write.

Tags

Available scope: Write.

Workflows

Enables management of workflow teams. Available scope: Write.

Organizations

Enables management of accounts, business units, and child accounts. Available scopes: Read and Write.

OTT Channels

Enables management of Chat message resources. Available scopes: Read and Write.

Users

Enables management of users, roles, and permissions. Available scopes: Read and Write.

Webhooks

Available scopes: Read, Write

• REST API Permission IDs and Scopes
• v2/userinfo Resource
• Server-to-Server Integrations with Client Credentials Grant Type
• Web and Public App Integrations with Authorization Code Grant Type