API Integration Permission Scopes
To give your API integration access to the capabilities of Marketing Cloud Engagement, assign it permission scopes in Installed Packages. A scope usually represents a collection of related permissions and behaviors. Assign only the scopes that your package needs. To learn about how these scopes map to permission IDs and API resources, see REST Permissions and Scopes.
Server-to-server integrations that use the Client Credentials grant type perform tasks on behalf of the integration. The scopes that you assign to these integrations represent the capabilities that the integration can access.
Web app and public app integrations that use the Authorization Code grant type perform tasks on behalf of an end user. These integrations use the permissions that the app and the user have in common. The scopes that you assign to these integrations represent which features the integration can access. However, the scopes don’t account for the functionality that the end user can access. To request and compare scopes against user permissions, issue a GET request to the v2/userinfo endpoint after your app completes the authorization code flow.
Enables email message management and sending. Available scopes: Read, Write, and Send.
- OTT
Enables Chat message management and sending. Available scopes: Read and Send.
- Push
Enables Push message management and sending. Available scopes: Read, Write, and Send
- SMS
Enables SMS message management and sending. Available scopes: Read, Write, and Send.
- Social
Available scopes: Read, Write, Publish, and Post.
- Web
Available scopes: Read, Write, and Publish.
- Documents and Images
Enables management of documents and images in the portfolio or image library. Available scopes: Read and Write.
- Saved Content
Enables management of content saved in content areas, surveys, and coupons. Available scopes: Read and Write.
- Automations
Enables management of Programs and activities. Available scopes: Read, Write, and Execute.
- Journeys (Interactions)
Enables management of Journeys. Available scopes: Read, Write, and Execute.
- Audiences
Available scopes: Read and Write
- Lists and Subscribers
Enables management of subscribers, lists, groups, filters, measures, and preference management. Available scopes: Read, Write
- Data Extensions
Enables management of data extensions and relationships. Available scopes: Read and Write.
- File Locations
Available scopes: Read, Write
- Tracking Events
Enables management of tracking event data associated with channels. Available scope: Read
- Approvals
Enables management of approval items. Can edit and delete approval comments. Can enable approvals for any channel. Available scope: Write.
- Calendar
Enables management of calendar events. Available scopes: Read and Write.
- Campaign
Enables management of campaigns. Available scopes: Read and Write.
- Tags
Available scope: Write.
- Workflows
Enables management of workflow teams. Available scope: Write.
- Organizations
Enables management of accounts, business units, and child accounts. Available scopes: Read and Write.
- OTT Channels
Enables management of Chat message resources. Available scopes: Read and Write.
- Users
Enables management of users, roles, and permissions. Available scopes: Read and Write.
- Webhooks
Available scopes: Read, Write
This table lists SOAP API operations that Installed Packages can access. You can’t change the ability of Installed Packages to access these operations.
| Object | Operation | Description |
|---|---|---|
AccountTrackingAggregate | Retrieve | Contains email tracking information aggregated at the account level. |
Activity | Retrieve | Contains the definition of a workflow step or action in an automation. |
ActivityInstance | Retrieve | Contains information about the execution of an activity in an automation instance. |
AsyncActivityStatus | Retrieve | Contains information about the status of an asynchronous job. |
AutomationInstance | Retrieve | Contains information about the execution of an automation. |
FrameworkHealthCheck | Create, Delete, Retrieve, Update | Provides system health information. |
ImportResultsSummary | Retrieve | Contains status and summary information about an import job. |
LinkClickTrackingAggregate | Retrieve | Contains aggregated tracking data for link clicks. |
ListSendTrackingAggregate | Retrieve | Contains email tracking information aggregated by list send. |
LowLatencyTransactionalSend | Create | Send a transactional email. |
Program | Create, Delete, Perform, Retrieve, Update | Contains the definition of an automation, including its schedule and tasks. |
ProgramInstance | Retrieve | Contains information about a single run or execution of an automation. |
ResultItem | Retrieve | Contains result data for API operations. |
ResultMessage | Retrieve | Contains result and error messages from API operations. |
ScheduledConversation | Delete | Asynchronously delete a scheduled conversation. |
ScheduledRequest | Delete | Asynchronously delete a scheduled request. |
SubscriberTrackingAggregate | Retrieve | Contains email tracking information aggregated at the subscriber level. |
Task | Retrieve | Contains the definition of a group of activities in an automation. |
TaskInstance | Retrieve | Contains information about the execution of a task in an automation instance. |
TrackingEvent | Retrieve | Contains generic tracking events. |
TriggeredSendTrackingAggregate | Retrieve | Contains email tracking information aggregated by triggered send. |