Scopes are passed when requesting an access token. They define what information can be requested from the API or
what actions can be performed.
Most of the scopes can be suffixed with
_offline (for example,
balance_offline instead of
If such a scope is confirmed by the user, the client can get information about the user with default authentication
credentials; use of an access token is not needed.
This allows the client to get the user's ID and other identifiers with an access token and then, at any time in the
future, request information using default credentials and these identifiers. In other words, the scope stays
permanently available even when no access token is used.
Offline scopes are available only when using the authorization code grant.
Offline scopes can be revoked by the user in the Paysera system, so even if such a scope is granted, the client should
always expect to get a forbidden error when accessing the user's information in the future.
Some of the scopes can be suffixed with
_optional, for example
In most cases you want an optional scope to also be an offline scope, although a simple scope may also be optional.
If scope is both offline and optional,
_offline suffix must be followed by
Optional scopes allow access to user information without forcing her to immediately take action to confirm or reject
the corresponding permissions. Information can be accessed only after the user takes specific actions in the Paysera
system to meet the conditions required by the specific scope. Until then the error
not_found is received. Or in case
user resource, corresponding parameters are missing.
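As an added example (not Paysera's own code), the sketch below shows one way a client could track granted scopes and react to the forbidden and not_found errors described above. The Grant class, the function names and the returned action strings are hypothetical, error codes are passed in as plain strings, and suffixes are stripped in whatever order they appear.

```python
from dataclasses import dataclass
from typing import Optional

# Suffixes named on this page, mapped to hypothetical flag names.
SUFFIXES = {"_offline": "offline", "_optional": "optional"}

@dataclass
class Grant:
    base: str
    offline: bool = False
    optional: bool = False
    state: str = "active"  # active | pending | revoked (hypothetical states)

def parse_scope(name: str) -> Grant:
    """Split a scope name into its base scope and suffix flags."""
    flags = {}
    stripped = True
    while stripped:
        stripped = False
        for suffix, flag in SUFFIXES.items():
            # Never strip a suffix that would leave an empty base name.
            if name.endswith(suffix) and len(name) > len(suffix):
                name = name[: -len(suffix)]
                flags[flag] = True
                stripped = True
    return Grant(base=name, **flags)

def next_action(grant: Grant, error: Optional[str]) -> str:
    """Decide what the client does after a request made under this grant.

    error is the API error code as a string, or None on success.
    """
    if error is None:
        grant.state = "active"
        return "use_data"
    if error == "forbidden":
        # The user can revoke a scope at any time: stop using stored
        # identifiers for this scope until the user authorizes again.
        grant.state = "revoked"
        return "stop_and_reauthorize"
    if error == "not_found" and grant.optional:
        # Conditions for the optional scope are not met yet; not a failure.
        grant.state = "pending"
        return "retry_later"
    return "report_error"

if __name__ == "__main__":
    grant = parse_scope("balance_offline")
    print(grant, next_action(grant, "forbidden"))
```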
Extended scopes give the client permission to perform higher-risk actions
and thus require special authorization from the user.
These scopes cannot be provided when requesting an access token, but can be attached to an access token when requesting
token refresh, providing
code value is code from SMS message, sent
to the user.
The list of scopes with their descriptions and attributes is provided below.
Get user's confirmed email address.
Get user's confirmed phone number. User must add and validate phone number to accept request with this scope.
Get user's address. User must input address if it was not yet provided to accept request with this scope.
Get user's date of birth. If user is identified, this is confirmed information, otherwise user freely inputs it in the provided form.
Get user's gender. If user is identified, this is confirmed information, otherwise user freely inputs it in the provided form.
Get user's confirmed name and surname. User must perform authentication using one of available methods to identify herself to accept request with this scope.
Get user's identification level. User must perform authentication using one of available methods to identify herself to accept request with this scope.
Get user's confirmed name, surname, nationality and identification code. User must perform authentication using one of available methods to identify herself to accept request with this scope.
Provide user's current position.
Provide, change and delete user's avatar.
Change and delete account descriptions.
Get balance of user's wallet.
Get response if a user has sufficient money in balance in a specific account.
Get account statements related to user's wallet.
Get list of user's enabled services or enable service for user.
Get most common beneficiaries for user's internal Paysera system payments.
Send transaction confirmation FLASH SMS. User must add and validate phone number to accept request with this scope.
Get list of all available wallets for user.
Access incoming pending payments for user's wallet and to provide passwords for them.
Access outgoing pending payments together with their passwords in plain text.
Access user's administered projects and their locations, make payments and other project-related actions for any of user's managed projects.
Access initiated transaction requests and send new transaction requests in the name of current user.
Access received transaction requests for current user.
Manage user's cards (create, edit, delete cards, link cards with accounts, also create and process deposit).
Get information about user identification such as personal code, provided documents.
Get basic user information, such as selected locale.
Initiate transfers on the user's behalf.
Make currency conversions on the user's behalf.
Get the user's list of political exposure persons. This information is only available if the user provided such data.