What are Scopes?
Scopes are like permissions that control what your app can do when users connect it to their Fanvue account using OAuth 2.0. Think of them as specific access levels that determine which resources your application can read from or write to. When you create your OAuth app, you’ll specify which scopes you need based on what your app does. This ensures your application only has access to the data and features it actually needs, following the principle of least privilege for better security. To learn more about OAuth 2.0 and how to set up your app, check out our OAuth Tutorial.
How Scopes Work
- Permission Control: Each scope grants access to specific resources and actions
- Request Validation: Every API request checks if your access token has the required scopes
- Error Handling: Requests without sufficient scopes return a 403 Forbidden error
- App Configuration: Scopes are set when you create your OAuth app and determine what permissions users can grant
Available Scopes
The following table lists all available scopes organized by resource:

| Resource | Scopes |
|---|---|
| User | read:self |
| Chat | read:chat, write:chat |
| Fan | read:fan |
| Creator | read:creator, write:creator |
| Media | read:media, write:media |
| Posts | read:post, write:post |
| Insights | read:insights |
| Tracking Links | read:tracking_links, write:tracking_links |
| Agency | read:agency, write:agency |
Scope Descriptions
read:self
Access your own user profile information, including basic account details and settings.
read:chat
Read chat conversations, messages, and chat-related data. This includes viewing chat lists and message history.
write:chat
Create new chats and send messages. This scope is required for any chat-related actions that modify data.
read:fan
Access fan-related data and information within the platform.
read:creator
Access creator profiles, content, and creator-specific information.
write:creator
Modify creator profiles, settings, and creator-specific data.
read:media
Access media files, images, videos, and other content assets.
write:media
Upload, modify, and manage media files and content assets. Also required for vault folder management.
read:post
Read posts, including post details, comments, likes, and tips.
write:post
Create, edit, and manage posts and content on behalf of users.
read:insights
Access analytics, metrics, and insights data for performance tracking.
read:tracking_links
Read tracking links and the users associated with them, including per-user tracking metadata.
write:tracking_links
Create and delete tracking links.
read:agency
Read agency information, including the agency’s team members.
write:agency
Manage agency team members and invites, including inviting new team members and creators.
Setting Up Scopes
When creating your OAuth app, you’ll configure which scopes your app can request:
- Choose the scopes your app actually needs
- Follow the principle of least privilege - only request what’s necessary
- Consider your users - they’ll see what permissions you’re asking for
Error Handling
If your access token doesn’t have the required scopes for a request, you’ll receive a 403 Forbidden HTTP status code. Make sure your app requests all necessary scopes and that users have granted them.
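
A scope audit that ties together least privilege and the 403 on missing scopes, as an added example (not Fanvue's own code). The scope names come from the table on this page; the action labels are hypothetical, and the space-delimited scope string follows RFC 6749 section 3.3.

```python
SCOPES = frozenset({
    "read:self", "read:chat", "write:chat", "read:fan",
    "read:creator", "write:creator", "read:media", "write:media",
    "read:post", "write:post", "read:insights",
    "read:tracking_links", "write:tracking_links",
    "read:agency", "write:agency",
})  # copied from the "Available Scopes" table


# Hypothetical action labels (not API endpoint names), each mapped to the
# scope whose description on this page covers it.
ACTION_SCOPE = {
    "view_own_profile": "read:self",
    "list_chats": "read:chat",
    "send_message": "write:chat",
    "upload_media": "write:media",
    "manage_vault_folders": "write:media",
    "create_tracking_link": "write:tracking_links",
    "invite_team_member": "write:agency",
}


def audit(scope_string, actions):
    """Compare configured (or granted) scopes with the actions an app performs.

    unknown: not in the catalogue (typo or stale name)
    missing: needed by an action but absent, so that call gets 403 Forbidden
    unused:  present but needed by no action (least-privilege violation)
    """
    granted = set(scope_string.split())  # RFC 6749 section 3.3 format
    unmapped = [a for a in actions if a not in ACTION_SCOPE]
    if unmapped:
        raise ValueError(f"no scope mapping for actions: {unmapped}")
    needed = {ACTION_SCOPE[a] for a in actions}
    # The page does not say that write:X implies read:X, so the two are
    # treated as independent here (assumption).
    return {
        "unknown": sorted(granted - SCOPES),
        "missing": sorted(needed - granted),
        "unused": sorted((granted & SCOPES) - needed),
    }


if __name__ == "__main__":
    # Constructed input: a chat helper configured with more than it uses.
    print(audit("read:chat write:chat write:post read:chats",
                ["list_chats", "send_message", "upload_media"]))
```

Running the audit before release or in CI catches a scope typo or an unneeded write scope before users see it on the consent screen.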