Scopes control which operations your API key is allowed to perform.
Each scope corresponds to a permission level on a module.read ā allows fetching data (queries).
write ā allows creating updating and deleting data (mutations).
Default Behavior#
When you create a new API key, you need configure read and write scopes manually in the Qpien dashboard.
After updating scopes, you must generate a new access token for the changes to take effect.
Scopes#
CustomerPersons#
| Operation | Required Scope |
|---|
getCustomerPerson | read_customerPersons |
getCustomerPersonList | read_customerPersons |
createCustomerPerson | write_customerPersons |
updateCustomerPerson | write_customerPersons |
deleteCustomerPerson | write_customerPersons |
Conversations#
| Operation | Required Scope |
|---|
getConversation | read_conversations |
getConversationList | read_conversations |
updateConversation | write_conversations |
| Operation | Required Scope |
|---|
getContact | read_contacts |
getContactList | read_contacts |
createContact | write_contacts |
updateContact | write_contacts |
deleteContact | write_contacts |
Messages#
| Operation | Required Scope |
|---|
getMessages | read_messages |
createMessage | write_messages |
Channels#
| Operation | Required Scope |
|---|
getAllConnectedPlatformList | read_channels |
Whatsapp Business Templates#
| Operation | Required Scope |
|---|
getWhatsappBusinessTemplate | read_whatsappBusinessTemplates |
getWhatsappBusinessTemplateList | read_whatsappBusinessTemplates |
Example: Insufficient Scopes#
If your token does not have the required scope for an operation, you will receive an error response:{
"errors": [
{
"message": "Insufficient scopes for this operation",
"extensions": {
"code": "INSUFFICIENT_SCOPES",
"requiredScope": "write_contacts"
},
"success": false
}
]
}
Best Practices#
š Follow the principle of least privilege: enable only the scopes your integration needs.š Remember to regenerate your access token after updating scopes.š Store scope information securely and avoid exposing tokens in client-side applications. Modified atĀ 2025-11-28 08:52:04
