Scopes
This page outlines the OAuth 2.0 scopes available for the Yoco API.
OAuth 2.0 Scopes
Yoco API supports the following standard OAuth 2.0 scopes:
offline_access
Allows the application to receive a refresh token, which can be used to obtain new access tokens without requiring the merchant to re-authenticate.
openid
Allows the application to receive an id_token, which contains information about the authenticated user.
The following information about the authenticated user will be available in the id_token:
user_id: The unique identifier for the user.
default_business_id: The unique identifier for the user’s default business. Note: this may differ from the authorized_business_id, which refers to the business that the user authorised during the OAuth 2.0 consent flow.
business_ids: A list of all businesses associated with the user.
Additionally, by requesting the id_token, the application will also receive access to the /userinfo endpoint, which returns the same information about the authenticated user.
Yoco API Scopes
To view which scopes apply to a given API endpoint, refer to the Yoco API documentation.
In addition to the standard OAuth 2.0 scopes, the Yoco API supports the following additional scopes:
business/orders:read
Read access to a business’ orders, payments & refunds.
business/orders:write
Access to create a business’ orders and payment links.
business/payouts:read
Read access to a business’ payouts.
profile
Access to the end user’s full name and email address. This additional information will be returned in the id_token and /userinfo endpoint.
The additional fields that will be available are:
user_name: The full name of the user.
user_email: The email address of the user.
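A client can check that what it was granted matches what it asked for, and that the id_token carries only the fields its scopes allow. The following is an added example, not Yoco's own code: the scope and field names come from this page, while the function names, the space-delimited scope string, the already-verified claims dict and the sample values are assumptions.

```python
# Added example: scope and claim names are taken from this page. The input
# shapes (space-delimited scope string, decoded claims dict) are assumptions.
OPENID_CLAIMS = {"user_id", "default_business_id", "business_ids"}
PROFILE_CLAIMS = {"user_name", "user_email"}


def expected_claims(granted):
    """Claims the page says the id_token carries for a set of granted scopes."""
    if "openid" not in granted:
        return set()  # the id_token itself comes from the openid scope
    return OPENID_CLAIMS | (PROFILE_CLAIMS if "profile" in granted else set())


def audit_grant(requested, granted_scope, claims=None,
                has_refresh_token=False, authorized_business_id=None):
    """Return a list of findings; an empty list means the grant is as expected."""
    requested, granted = set(requested), set(granted_scope.split())
    claims = claims or {}
    findings = []
    for scope in sorted(granted - requested):
        findings.append(f"granted but not requested: {scope}")
    for scope in sorted(requested - granted):
        findings.append(f"requested but not granted: {scope}")
    # offline_access is the scope that allows a refresh token to be issued.
    if has_refresh_token != ("offline_access" in granted):
        findings.append("refresh token does not match offline_access")
    want = expected_claims(granted)
    present = set(claims) & (OPENID_CLAIMS | PROFILE_CLAIMS)
    for name in sorted(want - present):
        findings.append(f"missing claim: {name}")
    for name in sorted(present - want):
        findings.append(f"claim without its scope: {name}")
    # default_business_id may differ from the business the user authorised.
    default = claims.get("default_business_id")
    if authorized_business_id and default not in (None, authorized_business_id):
        findings.append("default_business_id is not the authorized business")
    return findings


if __name__ == "__main__":
    # Constructed sample: a write scope and an email claim that were not requested.
    sample = {"user_id": "u_1", "default_business_id": "biz_1",
              "business_ids": ["biz_1", "biz_2"], "user_email": "a@example.com"}
    for finding in audit_grant(["openid", "business/orders:read"],
                               "openid business/orders:read business/orders:write",
                               sample, authorized_business_id="biz_2"):
        print(finding)
```

The claims dict is expected to come from an id_token whose signature has already been verified.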