> ## Documentation Index
> Fetch the complete documentation index at: https://docs.launchmystore.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Scopes

> The OAuth access scopes an app can request

# Scopes

Apps request a set of scopes at install time. Each scope grants access to a
group of `/api/v1/*` endpoints. The platform enforces scopes server-side on
every API call against the installation's **granted** scopes — a request for
an endpoint outside the app's granted scopes returns `403`.

Scopes are passed as a **comma-separated** list on
[`/apps/oauth/authorize`](/api-reference/oauth/authorize) and returned
**space-delimited** in the `scope` field of the
[token response](/api-reference/oauth/token). There are **37** scopes.

<Note>
  Reads and writes are separate. `write_*` does **not** imply `read_*` —
  request both if you need to read and write the same resource.
</Note>

## Available scopes

| Scope                   | Grants                                             |
| ----------------------- | -------------------------------------------------- |
| `read_shop`             | View shop information                              |
| `write_shop`            | Modify shop information                            |
| `read_products`         | View products and variants                         |
| `write_products`        | Create, update, and delete products                |
| `read_collections`      | View collections                                   |
| `write_collections`     | Create, update, and delete collections             |
| `read_orders`           | View orders, transactions, and refunds             |
| `write_orders`          | Create, update, and cancel orders                  |
| `read_fulfillments`     | View fulfillments and shipments                    |
| `write_fulfillments`    | Create and update fulfillments                     |
| `read_customers`        | View customers and their addresses                 |
| `write_customers`       | Create, update, and delete customers               |
| `read_inventory`        | View inventory levels                              |
| `write_inventory`       | Adjust inventory levels                            |
| `read_metafields`       | View metafields on resources                       |
| `write_metafields`      | Create, update, and delete metafields              |
| `read_discounts`        | View discount codes and price rules                |
| `write_discounts`       | Create, update, and delete discount codes          |
| `read_content`          | View blog posts, articles, and pages               |
| `write_content`         | Create, update, and delete blog content            |
| `read_shipping`         | View shipping zones and rates                      |
| `write_shipping`        | Create, update, and delete shipping configuration  |
| `read_gift_cards`       | View gift cards                                    |
| `write_gift_cards`      | Create, update, and disable gift cards             |
| `read_themes`           | View installed themes and theme files              |
| `write_themes`          | Upload and modify theme files                      |
| `read_files`            | View files uploaded to the store asset library     |
| `write_files`           | Upload and delete files in the store asset library |
| `read_billing`          | View store billing, subscriptions, and invoices    |
| `write_billing`         | Manage store billing settings                      |
| `read_analytics`        | View store analytics, reports, and dashboards      |
| `read_settings`         | View store settings (shipping, payments, taxes)    |
| `write_settings`        | Modify store settings                              |
| `read_marketing`        | View marketing campaigns and automations           |
| `write_marketing`       | Create and manage marketing campaigns              |
| `read_email_templates`  | View transactional email templates                 |
| `write_email_templates` | Create and modify transactional email templates    |

<Note>
  `read_analytics` is read-only — there is no `write_analytics` scope.
</Note>

## Scopes for common tasks

<ParamField path="Registering webhooks" type="read_shop">
  Webhook subscription endpoints
  ([`POST /api/v1/webhooks.json`](/api-reference/webhooks/overview)) are
  gated by `read_shop` — there is **no dedicated webhook scope**.
</ParamField>

<ParamField path="Embedded app / session tokens" type="(no scope)">
  Embedded admin access via
  [session tokens](/app-bridge/session-tokens) is authenticated by the
  HS256 session-token JWT, **not** an OAuth scope. No scope is required to
  request a session token.
</ParamField>

<ParamField path="Media / file picker" type="read_files / write_files">
  The asset library is governed by `read_files` / `write_files`. The App
  Bridge [resource picker](/app-bridge/overview) `File` type runs in the
  admin host context.
</ParamField>

## Validation

Requested scopes are validated against the app's registered scope set at
authorize time. An unknown or unregistered scope returns:

```json theme={null}
{ "status": 400, "state": "error", "message": "Invalid scopes: <names>" }
```

## See also

* [Authorize](/api-reference/oauth/authorize) — start the OAuth flow with a scope list.
* [Token](/api-reference/oauth/token) — exchange the code; the response echoes granted scopes.
* [Authentication](/getting-started/authentication) — full OAuth walkthrough.
