Scopes are passed when requesting an access token. They define what information can be requested from the API or what actions can be performed.
Most of the scopes can be suffixed with _offline (for example, balance_offline instead of
If such a scope is confirmed by the user, the client can get information about the user with default authentication credentials; an access token is not needed.
This makes it possible to get the user's ID and other identifiers with an access token and then, at any time in the future, request information using default credentials and these identifiers. In other words, the scope stays permanently available even when no access token is used.
Offline scopes are available only when using the authorization code grant.
Offline scopes can be revoked by the user in the Paysera system, so even if such a scope is granted, the client should always expect to get a forbidden error when accessing the user's information in the future.
Some of the scopes can be suffixed with _optional, for example
In most cases you want an optional scope to also be an offline scope, although a simple scope may also be optional.
If scope is both offline and optional, _offline suffix must be followed by
Optional scopes allow access to user information without forcing the user to immediately take action to confirm or reject the corresponding permissions. Information can be accessed only after the user takes specific actions in the Paysera system to meet the conditions required by the specific scope. Until then, the error not_found is received or, in the case of the user resource, the corresponding parameters are missing.
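One way a client could interpret the offline and optional scope outcomes described above when calling the API with default credentials. This is an added example, not Paysera's code; the JSON error body shape ({"error": "..."}), the function and enum names, and the field names "id" and "email" are assumptions.

```python
import json
from enum import Enum


class Outcome(Enum):
    OK = "ok"
    REVOKED = "revoked"  # offline scope was revoked by the user
    PENDING = "pending"  # optional scope: user has not met its conditions yet
    PARTIAL = "partial"  # user resource returned without the optional parameters
    FAILED = "failed"    # anything else: treat as an ordinary API failure


def classify(body, optional, expected_fields=()):
    """Interpret the body of a response to a default-credentials request.

    Assumed (not taken from the page): errors arrive as a JSON object
    {"error": "<code>"} and a successful body is a JSON object.
    Returns (Outcome, list of expected fields absent from the body).
    """
    try:
        data = json.loads(body)
    except ValueError:
        return Outcome.FAILED, []
    if not isinstance(data, dict):
        return Outcome.FAILED, []
    error = data.get("error")
    if error == "forbidden":
        # Stop using the stored identifiers; a new authorization code
        # grant is needed before the scope can be used again.
        return Outcome.REVOKED, []
    if error == "not_found" and optional:
        return Outcome.PENDING, []
    if error is not None:
        return Outcome.FAILED, []
    missing = [f for f in expected_fields if f not in data]
    if missing:
        return (Outcome.PARTIAL if optional else Outcome.FAILED), missing
    return Outcome.OK, []


# Constructed sample bodies; "id" and "email" are hypothetical field names.
SAMPLES = [
    ('{"error": "forbidden"}', False),
    ('{"error": "not_found"}', True),
    ('{"id": 1}', True),
    ('{"id": 1, "email": "user@example.com"}', True),
]

if __name__ == "__main__":
    for body, optional in SAMPLES:
        print(body, classify(body, optional, ("id", "email")))
```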
Extended scopes give the client permission to perform higher-risk actions and thus require special authorization from the user.
These scopes cannot be provided when requesting an access token, but can be attached to an access token when requesting a token refresh, providing
code value is the code from the SMS message sent to the user.
The list of scopes with their descriptions and attributes is provided below.