Scopes

Scopes define what an API App is allowed to do when it accesses the 1Password SaaS Manager API. Aligned with information security best-practice, we strongly recommend choosing just the scopes that you need to access through the API.

When you create an API App you must select which scopes will be available to clients connecting with the app credentials.

If you use the Authorization Code flow, your application can request one or more of these scopes, and the user will be asked to consent to authorizing your application to access these sorts of SaaS Manager data.

ScopeDescription
Apps.ReadRead-only access to applications
Apps.Users.ReadRead-only access to application users
Assets.ReadRead-only access to devices
Assets.WriteWrite access to devices
AuditLog.ReadRead-only access to the SaaS Manager audit log
Contracts.ReadRead-only access to contracts
Contracts.WriteWrite access to contracts
People.ReadRead-only access to people
People.WriteWrite access to people
Users.ReadRead-only access to users with access to SaaS Manager
Workflows.ReadRead-only access to workflow definitions
Workflows.Runs.ReadRead-only access to workflow runs
Workflows.Runs.ExecuteExecute workflow run actions
Workflows.Runs.ReadSecretsRead workflow run secrets
offline_accessReturns a refresh token, as well as an access token (as part of the Authorization Code flow)

By accessing or using 1Password Developer Tools, you agree to the API and SDK Terms of Service.



Published: