Scopes
This page outlines the OAuth 2.0 scopes available for the Yoco API.
OAuth 2.0 Scopes
Yoco API supports the following standard OAuth 2.0 scopes:
offline_access
Allows the application to receive a refresh token, which can be used to obtain new access tokens without requiring the merchant to re-authenticate.
openid
Allows the application to receive an id_token, which contains information about the authenticated
user.
The following information about the authenticated user will be available in the id_token:
user_id: The unique identifier for the user.default_business_id: The unique identifier for the user’s default business. Note: this may differ from theauthorized_business_id, which refers to the business that the user authorised during the OAuth 2.0 consent flow.business_ids: A list of all businesses associated with the user.
Additionally, by requesting the id_token, the application will also receive access to the
/userinfo, which returns the same information about the authenticated user.
Yoco API Scopes
To view which scopes apply to a given API endpoint, refer to the Yoco API documentation.
In addition to the standard OAuth 2.0 scopes, the Yoco API supports the following additional scopes:
business/orders:read
Read access to a business’ orders, payments & refunds.
business/orders:write
Access to create a business’ orders and payment links.
business/payouts:read
Read access to a business’ payouts.
profile
Access to the end user’s full name and email address. This additional information will be returned
in the id_token and /userinfo endpoint.
The additional fields that will be available are:
user_name: The full name of the user.user_email: The email address of the user.