403 Forbidden unless the token holds the scope
required by the endpoint.
Tokens created before access scopes were introduced were granted all scopes,
so they keep working unchanged. Newly created tokens only carry the scopes you
select.
Granting scopes
Select a token’s scopes when you create it, and update them at any time — no need to re-issue the token:- Log in to your Redo Dashboard
- Go to Settings → Developer
- Create an API client (Add API Client) or open an existing one
- Select the scopes the client needs and save
Available scopes
Each endpoint in this reference lists the scope it requires. The full set of scopes:| Scope | Access | Grants |
|---|---|---|
orders_read | Read | Retrieve orders. |
orders_write | Write | Create, update, and delete orders; manage fulfillments. |
customers_read | Read | Retrieve customers. |
customers_write | Write | Create and update customers and subscriptions. |
products_write | Write | Bulk upload products. |
returns_read | Read | List and retrieve returns and return tags. |
returns_write | Write | Create, update, and process returns; manage return tags. |
inventory_read | Read | List inventory items and levels. |
inbound_shipments_read | Read | List and retrieve inbound shipments. |
invoices_read | Read | List invoices. |
webhooks_read | Read | List and retrieve webhooks. |
webhooks_write | Write | Create, update, delete, and replay webhooks. |
customer_events_write | Write | Create custom customer events. |
storefront_events_write | Write | Create storefront events. |
Insufficient scope
When a token is missing a required scope, the API returns403 Forbidden with a
problem response: