Scopes
This page outlines the OAuth 2.0 scopes available for the Yoco API.
OAuth 2.0 scopes
Yoco API supports the following standard OAuth 2.0 scopes:
offline_access
Allows the application to receive a refresh token for obtaining new access tokens without requiring the merchant to re-authenticate.
openid
Allows the application to receive an id_token, which contains information about the authenticated
user.
The following information about the authenticated user is available in the id_token:
user_id: The unique identifier for the user.
default_business_id: The unique identifier for the user’s default business. Note: this may differ from the authorized_business_id, which refers to the business that the user authorised during the OAuth 2.0 consent flow.
business_ids: A list of all businesses associated with the user.
Additionally, by requesting the id_token, the application also receives access to the /userinfo
endpoint, which returns the same information about the authenticated user.
Yoco API scopes
To view which scopes apply to a given API endpoint, refer to the API reference.
In addition to the standard OAuth 2.0 scopes, the Yoco API supports the following additional scopes:
business/capital_offers:read
Read access to a business’ Capital offers.
business/orders:read
Read access to a business’ orders, payments & refunds.
business/orders:write
Access to create a business’ orders and payment links.
business/payouts:read
Read access to a business’ payouts.
profile
Access to the end user’s full name and email address. The id_token and the /userinfo endpoint
return this additional information.
The following additional fields are available:
user_name: The user’s full name.
user_email: The user’s email address.
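
A least-privilege check built on the scopes listed above, as an added example that is not part of the Yoco documentation or SDK: it derives the smallest scope string for a set of application features and compares it with what the token response reports. The feature names are hypothetical, and the token response is assumed to carry the space-delimited "scope" field defined in RFC 6749.

```python
# Added example. Scope and claim names come from this page; the feature
# names and the token-response shape (RFC 6749 "scope" field) are assumptions.
KNOWN_SCOPES = {
    "offline_access", "openid", "profile",
    "business/capital_offers:read", "business/orders:read",
    "business/orders:write", "business/payouts:read",
}
OPENID_CLAIMS = {"user_id", "default_business_id", "business_ids"}
PROFILE_CLAIMS = {"user_name", "user_email"}

# Hypothetical application features mapped to the scopes each one needs.
FEATURE_SCOPES = {
    "sign_in": {"openid"},
    "show_user_name": {"openid", "profile"},
    "list_orders": {"business/orders:read"},
    "create_payment_link": {"business/orders:write"},
    "background_sync": {"offline_access"},
}


def scopes_for(features):
    """Return the smallest space-delimited scope string covering the features."""
    needed = set()
    for feature in features:
        needed |= FEATURE_SCOPES[feature]
    return " ".join(sorted(needed))


def review_grant(requested, token_response):
    """Compare the scopes requested with those the token response reports."""
    req = set(requested.split())
    unknown = req - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"not a scope listed on this page: {sorted(unknown)}")
    raw = token_response.get("scope")
    # RFC 6749 section 5.1: an omitted "scope" means the grant equals the request.
    granted = set(raw.split()) if raw is not None else set(req)
    claims = set()
    if "openid" in granted:
        claims = OPENID_CLAIMS | (PROFILE_CLAIMS if "profile" in granted else set())
    return {
        "missing": sorted(req - granted),   # features relying on these will fail
        "excess": sorted(granted - req),    # broader than needed: investigate
        "expect_refresh_token": "offline_access" in granted,
        "expect_id_token": "openid" in granted,
        "id_token_claims": sorted(claims),
    }
```

A non-empty "excess" list means the token can do more than the application asked for, which is worth resolving before the token is stored.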