Permissions
Permissions in the Investment API are modelled as OAuth 2.0 scopes.
We consider related endpoints in the Investment API to be a {topic}
and each individual scope grants you permission to perform a set of {action}
s in that "topic". The available {topic}s
and {action}
s are described below.
Scopes are specified as string IDs, in the format {topic}:{action}
.
If you need a particular scope to access a group of functionality in the Investment API, you must specify them when requesting the OAuth 2.0 access token.
Topics
The following {topic}
s are available:
accounts
: Accounts and account groups.checks
: User checks like KYC, POR, INSTRUMENT_FIT, and COMPLIANCE.fees
: Fee collections.instruments
: Instruments.mandates
: Mandates.orders
: Orders.payments
: Pay-ins and withdrawal operations.portfolios
: Portfolios.positions
: Positions.reference_accounts
: Reference accounts.reinvestments
: Re-investments.reports
: Reports.taxes
: Tax residencies.users
: (End) users.valuations
: Account valuations.webhooks
: Webhooks.
Actions
There are two {action}
s available:
admin
: Allows read-and-write access to the resources covered by the{topic}
. In most (but not all!) cases, writing includes create, update and delete operations.read
: Allows read-only access to the resources covered by the{topic}
.
- Only those
{topic}
×{action}
combinations are available, which cover actual API endpoints or operations. {topic}:admin
only includes update and/or delete if any corresponding API endpoints and operations are available.
A full list of available OAuth 2.0 scopes is available for you to inspect.