Scopes & Permissions
API keys are scoped to specific resources and access levels. Scopes are immutable after creation — to change scopes, revoke the old key and create a new one.
| Scope | Grants Access To |
|---|---|
read:products | GET /products, GET /products/:id |
write:products | POST, PUT, DELETE /products (future) |
read:designs | GET /designs, GET /designs/:id |
read:quotes | GET /quotes, GET /quotes/:id |
write:quotes | POST /quotes |
read:colors | GET /colors |
read:fabrics | GET /fabrics |
read:fonts | GET /fonts |
Shorthand scopes: read grants all read scopes, write grants all write scopes (implies read), full grants everything.
Example key scopes (JSON)
{
"scopes": [
"read:products",
"read:quotes",
"write:quotes"
]
}