> ## Documentation Index
> Fetch the complete documentation index at: https://developers.redo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Access scopes

> Scopes that API tokens carry and the endpoints they grant access to

API tokens carry **access scopes** that determine which endpoints they may call.
A request is rejected with `403 Forbidden` unless the token holds the scope
required by the endpoint.

<Note>
  Tokens created before access scopes were introduced were granted all scopes,
  so they keep working unchanged. Newly created tokens only carry the scopes you
  select.
</Note>

## Granting scopes

Select a token's scopes when you create it, and update them at any time — no
need to re-issue the token:

1. Log in to your [Redo Dashboard](https://app.getredo.com)
2. Go to **Settings** → **Developer**
3. Create an API client (**Add API Client**) or open an existing one
4. Select the scopes the client needs and save

Grant a client only the scopes it needs — read scopes for endpoints that only
retrieve data, write scopes for endpoints that create, update, or delete.

## Available scopes

Each endpoint in this reference lists the scope it requires. The full set of
scopes:

| Scope                     | Access | Grants                                                   |
| ------------------------- | ------ | -------------------------------------------------------- |
| `orders_read`             | Read   | Retrieve orders.                                         |
| `orders_write`            | Write  | Create, update, and delete orders; manage fulfillments.  |
| `customers_read`          | Read   | Retrieve customers.                                      |
| `customers_write`         | Write  | Create and update customers and subscriptions.           |
| `products_write`          | Write  | Bulk upload products.                                    |
| `returns_read`            | Read   | List and retrieve returns and return tags.               |
| `returns_write`           | Write  | Create, update, and process returns; manage return tags. |
| `inventory_read`          | Read   | List inventory items and levels.                         |
| `inbound_shipments_read`  | Read   | List and retrieve inbound shipments.                     |
| `invoices_read`           | Read   | List invoices.                                           |
| `webhooks_read`           | Read   | List and retrieve webhooks.                              |
| `webhooks_write`          | Write  | Create, update, delete, and replay webhooks.             |
| `customer_events_write`   | Write  | Create custom customer events.                           |
| `storefront_events_write` | Write  | Create storefront events.                                |

## Insufficient scope

When a token is missing a required scope, the API returns `403 Forbidden` with a
problem response:

```json theme={null}
{
  "detail": "This token is missing the required `returns_read` scope",
  "title": "Insufficient token scope",
  "type": "com.getredo.api:scope/forbidden"
}
```

Add the missing scope to the token in the Dashboard to resolve it — you don't
need to re-issue it.
