API Integration Permission Scopes

To let your API integration access Marketing Cloud functionality, assign it permissions, or scopes, in Installed Packages. Assign only the scopes that your package needs. A scope usually represents a collection of related permissions and behaviors in Marketing Cloud. Review REST Permissions and Scopes to see how these scopes map to permission IDs and API resources.

Server-to-server integrations using the client credentials grant type perform tasks on behalf of the integration. The scopes that are assigned to these integrations represent which Marketing Cloud functionality the integration can access.

Web app and public app integrations using the authorization code grant type perform tasks on behalf of an end user and use the intersection of the app’s permissions and the user’s permissions. The scopes that are assigned to these integrations represent which Marketing Cloud functionality the integration can access. However, the scopes don’t account for the functionality that the end user can access. Request and compare scopes against user permissions by calling the v2/userinfo resource after your app completes the authorization code flow.

This list shows the available scopes you can request.

• Email - Read, Write, Send
  Email message management and sending
• OTT - Read, Send
  Chat message management and sending
• Push - Read, Write, Send
  Push message management and sending
• SMS - Read, Write, Send
  SMS message management and sending
• Social - Read, Write, Publish, Post
• Web - Read, Write, Publish

• Documents and Images - Read, Write
  Documents and images in the portfolio or image library
• Saved Content - Read, Write
  Content saved in content areas, surveys, and coupons

• Automations - Read, Write, Execute
  Programs and activities
• Journeys (Interactions) - Read, Write, Execute

• Audiences - Read, Write
• Lists and Subscribers - Read, Write
  Subscribers, lists, groups, filters, measures, and preference management

• Data Extensions - Read, Write
  Data extensions and relationships
• File Locations - Read, Write
• Tracking Events - Read
  Tracking event data associated with channels

• Approvals - Write
  Create, manage, and delete approval items. Edit and delete approval comments. Enable approvals for any channel.

• Calendar - Read, Write
  Calendar event management

• Campaign - Read, Write
  Campaign management and association

• Tags - Write\

• Workflows - Write
  Create, manage, and delete workflow teams. Add and remove users to teams. Create and edit workflow definitions.

• Organizations - Read, Write
  Accounts, business units, and child accounts
• OTT Channels - Read, Write
  Chat message resource provisioning
• Users - Read, Write
  Users, roles, and permissions

• Webhooks - Read, Write

• REST API Permission IDs and Scopes
• v2/userinfo Resource
• Server-to-Server Integrations with Client Credentials Grant Type
• Web and Public App Integrations with Authorization Code Grant Type