Permissions

Permissions in the Investment API are modelled as OAuth 2.0 scopes.

We consider related endpoints in the Investment API to be a {topic} and each individual scope grants you permission to perform a set of {action}s in that "topic". The available {topic}s and {action}s are described below.

Scopes are specified as string IDs, in the format {topic}:{action}.

If you need a particular scope to access a group of functionality in the Investment API, you must specify them when requesting the OAuth 2.0 access token.

Topics

The following {topic}s are available:

• accounts: Accounts and account groups.

• checks: User checks like KYC, POR, INSTRUMENT_FIT, and COMPLIANCE.

• fees: Fee collections.

• instruments: Instruments.

• mandates: Mandates.

• orders: Orders.

• payments: Pay-ins and withdrawal operations.

• portfolios: Portfolios.

• positions: Positions.

• reference_accounts: Reference accounts.

• reinvestments: Re-investments.

• reports: Reports.

• taxes: Tax residencies.

• users: (End) users.

• valuations: Account valuations.

• webhooks: Webhooks.

Actions

There are two {action}s available:

• admin: Allows read-and-write access to the resources covered by the {topic}. In most (but not all!) cases, writing includes create, update and delete operations.

• read: Allows read-only access to the resources covered by the {topic}.

• Only those {topic} × {action} combinations are available, which cover actual API endpoints or operations.
• {topic}:admin only includes update and/or delete if any corresponding API endpoints and operations are available.

A full list of available OAuth 2.0 scopes is available for you to inspect.