Access scopes dictate which resources an app is able to query or modify, as well as which operations an app can perform. Smile splits scopes into two main types: read and write. Traditionally, “read” operations include HTTP GET requests, as well as subscribing to webhooks. Meanwhile, “write” operations typically include HTTP POST, PUT, and DELETE requests in addition to all the “read” operations. This means that having the “write” scope for a given entity always also includes “read” privileges. The specific access scopes required for each endpoint are documented as part of the REST API Reference.

Adding access scopes

As you develop your Smile app, you may wish to add more functionality. The app’s settings page in the Partner Portal allows you to do just that by adding new access scopes to your app. When you add new access scopes, any accounts that have already installed the app will need to be directed back through the OAuth flow in order to grant your app the additional access scopes it now requires. It’s up to you to notify your users when you want them to reauthorize your integration. To help with this, Smile Admin will automatically prompt users to reauthorize if the access scopes of an app they have installed have changed.

Effect on webhooks

Your app may subscribe to webhook topics via the app’s settings page in the Partner Portal. An app will only start to receive webhooks for a given topic when users grant the required scopes for that topic. For example, if your app did not have the customer:read scope but you would like to add the customer/updated webhook, you would:
  1. Add the customer/updated webhook topic in your app’s settings
  2. Add the customer:read permission to your app
  3. Prompt users to reauthorize your app
As users reauthorize and grant the customer:read scope, your app will automatically start to receive customer/updated webhooks for those accounts.
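
The sketch below is an added example, not code from Smile: it tracks which installed accounts still need to reauthorize and which are already eligible for a webhook topic, applying the rule that a write scope includes read. The account names and stored grants are constructed, and the `customer:write` spelling is assumed by analogy with the `customer:read` scope shown above.

```python
# Added illustration; not Smile's code. Assumes scopes are strings of the
# form "<entity>:read" or "<entity>:write" (the page shows "customer:read").

# Topic -> scope needed before webhooks are delivered (pair taken from the page).
TOPIC_SCOPES = {"customer/updated": "customer:read"}


def satisfies(granted, required):
    """True if the granted scope set covers `required`; write implies read."""
    entity, _, level = required.partition(":")
    if level not in ("read", "write"):
        raise ValueError(f"unrecognized scope: {required!r}")
    if required in granted:
        return True
    return level == "read" and f"{entity}:write" in granted


def missing_scopes(granted, app_scopes):
    """Scopes the app now requests that this account has not yet granted."""
    return sorted(s for s in app_scopes if not satisfies(granted, s))


def active_topics(granted, subscribed_topics):
    """Subscribed topics whose required scope this account has granted."""
    return sorted(t for t in subscribed_topics
                  if satisfies(granted, TOPIC_SCOPES[t]))


def reauthorization_report(app_scopes, subscribed_topics, accounts):
    """Per account: scopes still to grant, and topics already delivering."""
    return {
        name: {"missing": missing_scopes(granted, app_scopes),
               "receiving": active_topics(granted, subscribed_topics)}
        for name, granted in accounts.items()
    }


# Constructed sample data: scopes each account granted at its last OAuth run.
ACCOUNTS = {
    "acct-old-install": set(),                  # installed before the scope was added
    "acct-reauthorized": {"customer:read"},
    "acct-write-grant": {"customer:write"},     # assumed spelling; covers read too
}
APP_SCOPES = {"customer:read"}

if __name__ == "__main__":
    report = reauthorization_report(APP_SCOPES, {"customer/updated"}, ACCOUNTS)
    for name, row in report.items():
        print(name, row)
```

Accounts with a non-empty `missing` list are the ones to prompt for reauthorization; until they do, expect no webhooks for the affected topics from them.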