Scopes
Scope is a mechanism in OAuth 2.0 that limits an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
At FreshBooks, we use scopes to ensure your application only has access to the resources allowed by a FreshBooks user.
For example, if you are building a time-tracking app that handles time entries for a user account, you would need to read the businesses the identity belongs to, read the projects to track time against, read the clients associated with those projects, read the services (billable items) for the business to track time against, and read or write the time entries themselves. Such an application would need the following scopes:
user:profile:read
user:projects:read
user:clients:read
user:billable_items:read
user:time_entries:read
user:time_entries:write
Please note that user:profile:read is added to all new apps by default, as it is needed for all basic calls to get started.
It’s not possible to remove scopes from an existing access token. The only way to reduce or add consented scopes is to revoke the token and start with the app authorization flow again. So make sure to test your application and confirm you request all the scopes that your application might require.
Types of Scopes
FreshBooks uses scopes that refer to the entity granting access (example: user), followed by the object they granted access to (example: user:clients), followed by the class of actions performed by that entity on the object (example: user:clients:read).
The list of objects includes
bill_payments
bill_vendors
billable_items
bills
business
clients
credit_notes
estimates
expenses
invoices
journal_entries
notifications
online_payments
other_income
payments
profile
projects
reports
retainers
taxes
teams
time_entries
There are currently only two classes of action that can be performed on an object:
read: Reading the full information about a single resource.
write: Modifying the resource in any way (e.g. creating, editing, archiving, or deleting).
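The scope grammar above (entity:object:action) is easy to check mechanically. The example below is added here and is not FreshBooks code: it parses scope strings against the object and action names listed on this page, and computes which of an app's required scopes a token is missing, which is the check to run before deciding whether a token must be revoked and the authorization flow re-run. The helper names and the sample granted-scope list are constructed for the example.

```python
# Added example (not FreshBooks code): parse "entity:object:action" scopes and
# compute which required scopes a token lacks. Object/action names are from the page.
import re
from dataclasses import dataclass

OBJECTS = {
    "bill_payments", "bill_vendors", "billable_items", "bills", "business",
    "clients", "credit_notes", "estimates", "expenses", "invoices",
    "journal_entries", "notifications", "online_payments", "other_income",
    "payments", "profile", "projects", "reports", "retainers", "taxes",
    "teams", "time_entries",
}
ACTIONS = {"read", "write"}
ENTITIES = {"user"}  # the only entity this page shows; extend if others exist
SCOPE_RE = re.compile(r"^([a-z_]+):([a-z_]+):([a-z]+)$")

@dataclass(frozen=True)
class Scope:
    entity: str
    obj: str
    action: str

def parse_scope(s: str) -> Scope:
    """Split a scope string and reject an unknown entity, object or action."""
    m = SCOPE_RE.match(s)
    if not m:
        raise ValueError(f"malformed scope: {s!r}")
    entity, obj, action = m.groups()
    if entity not in ENTITIES or obj not in OBJECTS or action not in ACTIONS:
        raise ValueError(f"unknown scope component in {s!r}")
    return Scope(entity, obj, action)

def missing_scopes(required: list[str], granted: list[str]) -> list[str]:
    """Required scopes the token does not carry (exact match; write does not
    imply read here, since the page does not state that). A non-empty result
    means: revoke the token and re-run the authorization flow with the full
    list, because scopes cannot be added to an existing token."""
    have = {parse_scope(s) for s in granted}
    return sorted(s for s in required if parse_scope(s) not in have)

# Constructed sample: the time-tracking app's scopes from this page, and a
# token that was issued with only a subset of them.
TIME_TRACKING_SCOPES = [
    "user:profile:read", "user:projects:read", "user:clients:read",
    "user:billable_items:read", "user:time_entries:read", "user:time_entries:write",
]
GRANTED = ["user:profile:read", "user:projects:read", "user:time_entries:read"]

if __name__ == "__main__":
    print(missing_scopes(TIME_TRACKING_SCOPES, GRANTED))
```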
You can also access the complete list of all scopes and the corresponding endpoints below.