API authorization

All authenticated API endpoints also require authorization. Authorization is performed by checking it supplied credentials, such as API key or OAuth token, is granted at least one of the required API scopes. You can grant scopes to the API key

API scopes

A scope has become a standard term in the API environment. It originated in OAuth2 (opens in a new tab) specification, and the same idea is applied to all authentication types. It is an additional layer of control and security over the REST API that limits what the end-point users, API key, or OAuth clients are allowed to call.

Scopes provide access to a specific set of API endpoints, typically designed to serve specific use cases. Through OAuth2, they define the specific actions that applications are permitted to do on behalf of a user.

By granting a specific API scope to a user or an API key, you limit their access to a subset of API endpoints covered by the scope. In this way, you can prevent the user from accessing data or API functionalities outside of their role. You can limit the potential negative impact of leaked or stolen API keys or user credentials. You can grant several scopes to the same user or API key, covering multiple different API endpoints needed for a complex use case.

API scope types

Various scope types exist depending on the area or context. The main scopes include:

General:
- message:send
  - Enables sending of mobile terminated (MT) (opens in a new tab) messages, regardless of the channel
  - Includes all channel:message:send endpoints (all channels)
- inbound-message:read
  - Enables fetching of mobile originated (MO) (opens in a new tab) messages, regardless of the channel
  - Includes all channel:inbound-message:read endpoints (all channels)
- web:sdk
  - Provides access to the mobile app messaging API endpoints accessed from the client-side SDK
- mobile-app-messaging:sdk
  - Provides access to people and people events API endpoints accessed from client-side SDK
product/channel:manage
- Includes all endpoints related to a specific product or channel; e.g., if it is a Conversations product, it includes all endpoints related to Conversations; if it is an SMS channel, it includes all endpoints related to SMS

Additionally, there are other scope types that vary depending on the channel, product, and different use cases. You can review all available scopes on the Create API key (opens in a new tab) page.

API scope configuration

To configure API scope(s), you will need to allow the API key to access each API endpoint you want to use. To do that, first check the documentation of the API endpoint. It will list the required scopes. Granting any of them will enable the API key to access the endpoint.

You can grant new scopes to an existing API key by editing it or create a new one with scopes from the beginning.

You can manage API keys either through dedicated API (opens in a new tab), or through the web interface.

If you want to configure the API scope(s) through the web interface, navigate to Developer Tools → API Keys → Create API key (opens in a new tab).

From there, enter the following information for the API key:

Name
Creation date
Expiration date
Allowed IP addresses (optional)

In the next section, API scopes, choose which scopes you want to include:

General
Channels
Connectivity
Platform
Customer Engagement
Web SDK

Upon selecting a specific scope option, a drop-down menu will appear containing all available scopes. From there, you are required to choose which scopes you want to include in the API key.

Available API scopes

The table below outlines the scopes currently used by the API platform.

Scope	Description
2fa:manage	Enables access to all 2FA API end-points
2fa:pin:manage	Allows configuration and management of one-time PIN settings for two-factor authentication
2fa:pin:send	Enables sending of one-time PINs as part of two-factor authentication
apple-mfb:logs:read	Allows reading of logs related to Apple Messages for Business
apple-mfb:manage	Enables access to all Apple Messages for Business API end-points
apple-mfb:message:send	Enables sending of Apple Messages for Business
calllink:configuration:manage	Enables management of configuration for call links
calllink:link:manage	Enables management of links related to call links
calllink:manage	Enables access to all Call link API end-points
callrouting:manage	Enables access to all Call routing API end-points
calls:bulk:manage	Enables management of bulk calls
calls:configuration:manage	Enables management of all calls API settings
calls:logs:read	Enables access to logs related to calls API
calls:manage	Enables access to all Calls API end-points
calls:media:manage	Enables management of media related to calls API
calls:read	Enables access to calls API logs
calls:recording:delete	Enables deletion of Calls recordings
calls:recording:read	Enables reading of Calls recordings
calls:traffic:receive	Enables management of incoming calls
calls:traffic:record	Enables recording of calls
calls:traffic:send	Enables sending of calls and actions in calls
clicktocall:manage	Enables access to all Click-to-call API end-points
email:logs:read	Allows reading of logs related to email messages
email:manage	Enables access to all Email API end-points
email:message:send	Enables sending email messages
google-bm:logs:read	Allows reading of logs related to Google Business Messages
google-bm:manage	Enables access to all Google Business Messages API end-points
google-bm:message:send	Enables sending of Google Business Messages
instagram:logs:read	Allows reading of logs related to Instagram messages
instagram:manage	Enables access to all Instagram messages API end-points
instagram:message:send	Enables sending of Instagram messages
ivr:configuration:manage	Enables management of the IVR configuration
ivr:manage	Enables access to all IVR settings and configurations API end-points
ivr:message:send	Enables sending of IVR messages
kakao:logs:read	Allows reading of logs related to Kakao messages
kakao:manage	Enables access to all Kakao messages API end-points
kakao:message:send	Enables sending of Kakao messages
line:manage	Enables access to all LINE messages API end-points
line:message:send	Enables sending of LINE messages
live-chat:manage	Allows management of Live Chat functionalities and settings
messenger:manage	Enables access to all Messenger API end-points
messenger:message:send	Enables sending of Messenger messages
mms:inbound-message:read	Allows access to read inbound MMS messages
mms:logs:read	Allows reading of logs related to MMS messages
mms:manage	Enables access to all MMS API end-points
mms:message:send	Enables sending of MMS messages
mobile-app-messaging:inbound-message:read	Allows reading of inbound Mobile app messages
mobile-app-messaging:manage	Enables sending and managing of Mobile app messages
mobile-app-messaging:send	Enables sending of Mobile app messages
numbermasking:manage	Enables access to all Number masking API end-points
omni-failover:logs:read	Allows reading of logs related to OMNI-channel failover events
omni-failover:manage	Enables access to all OMNI-channel failover API end-points
omni-failover:message:send	Enables sending messages via OMNI-channel failover mechanisms
rcs:manage	Enables access to all RCS API end-points
rcs:message:send	Enables sending of RCS messages
sms:inbound-message:read	Grants access to read inbound SMS messages
sms:logs:read	Allows reading of logs related to SMS messages
sms:manage	Enables access to all SMS API end-points
sms:message:send	Enables sending of SMS messages
voice:logs:read	Enables reading of voice delivery reports
voice:recording:delete	Enables deleting of voice recordings
voice:recording:read	Enables reading of voice recordings
web-push:manage	Allows management of web push notifications
webrtc:configuration:manage	Enables management of WebRTC configuration
webrtc:identity:manage	Enables management of WebRTC identity configuration
webrtc:manage	Enables access to all WebRTC API end-points
webrtc:media:manage	Enables management of media related to WebRTC
whatsapp:inbound-message:read	Enables reading of inbound WhatsApp messages
whatsapp:manage	Enables access to all WhatsApp API end-points
whatsapp:message:send	Enables sending of WhatsApp messages
zalo:logs:read	Allows reading of logs related to Zalo messages
zalo:manage	Enables access to all Zalo API end-points
zalo:message:send	Enables sending Zalo messages
viber-bm:logs:read	Allows reading of logs related to Viber Business Messages
viber-bm:manage	Enables access to all Viber Business Messages API end-points
viber-bm:message:send	Enables sending of Viber Business Messages
viber-bot:logs:read	Allows reading of logs related to Viber Bot Messages
viber-bot:manage	Enables access to all Viber Bot Messages API end-points
viber-bot:message:send	Enables sending of Viber Bot Messages
voice-message:logs:read	Enables access to logs of sent voice messages
voice-message:manage	Enables management of all voice messages
voice-message:message:send	Enables sendings of voice messages
voice-reports:read	Enables access to voice reports
voice:recording:manage	Enables management of voice recordings
web-push:send	Enables sending of web push notifications
rcs:logs:read	Enables reading of logs of RCS messages
messenger:logs:read	Enables reading of logs of Messenger messages
whatsapp:logs:read	Allows reading of logs related to WhatsApp messages
rbm-maap:manage	Enables access to all RBM MaaP API end-points
rbm-maap:message:send	Allows sending of RBM MaaP-related messages
mobile-app-messaging:logs:read	Allows reading of logs related to Mobile app messages
whatsapp:conversions	Enables access to WhatsApp Conversions
zalo-follower:manage	Enables access to all Zalo Follower API end-points
zalo-follower:message:send	Enables sending Zalo Follower messages
zalo-follower:logs:read	Allows reading of logs related to Zalo Follower messages

Scope	Description
2fa:sdk	Provides access to two-factor authentication (2FA) API endpoints accessed from the client-side SDK
web:sdk	Provides access to People and People events API endpoints accessed from client-side SDK

Scope	Description
biometrics:manage	Enables access to all Biometrics API end-points
mobile-identity:manage	Allows for the management and usage of Mobile Identity
number-lookup:logs:read	Allows reading of logs related to phone number lookup
number-lookup:manage	Enables access to all number lookup API end-points
number-lookup:send	Enables phone number lookup
number-activation-state:read	Allows to read data from Deact API

Scope	Description
conversations:manage	Enables access to all Conversations API end-points
people:manage	Enables access to all People API end-points
flow:read	Allows fetching of existing flows, flow details, participants and analytics
flow:manage	Allows management of flows in Moments
flow:use	Allows adding participants to existing flows
forms:read	Allows seeing information about forms including submitted data and events
forms:manage	Allows access to all Forms API end-points
content-messages:read	Allows access to existing content messages, their details and analytics
content-messages:manage	Allows access to all Content messages API end-points
people:read	Provides read-only access to data and profiles in People
forms:use	Allows submitting data or events to a form
people:use	Provides access to ingesting events in People

Scope	Description
inbound-message:read	Enables getting various types of incoming messages, encompassing all channels
message:send	Enables sending various types of messages, encompassing all messaging-related endpoints

Scope	Description
account-management:manage	Grants control over account settings and information
application-entity:manage	Grants access to manage application-specific entities and settings
blocklist:manage	Enables access to all Blocklist API end-points
catalogs:manage	Enables access to all Catalogs API end-points
messages-api:manage	Enables access to all Messages API end-points
messages-api:message:send	Enables sending various types of messages using Messages API
metrics:manage	Allows access and management of metrics and analytics data using Metrics API
numbers:manage	Enables access to all Numbers API end-points
numbers:recording:manage	Enables management of recording setting on numbers
sending-strategy:manage	Enables configuration of message sending strategies and rules
signals:manage	Enables access to all Signals API end-points
subscriptions:manage	Enables access to all Subscriptions API end-points
catalogs:read	Allows fetching of existing catalogs, and catalogs metadata
catalogs:use	Allows access to fetch items, add items, delete items and update items in catalog
resource-request-hub:manage	Allows creation of request for a resource, updating existing request and checking the status of existing request
resource-request-hub:read	Allows checking the status of existing request
error-codes:read	Enables access to platform error code details to troubleshoot message sending APIs
audit-logs:read	Allows reading and exporting of audit logs

Errors

You will receive the 403 Forbidden HTTP status code in the response in case provided user or API key is lacking the required scopes:

json

 
    {
        "requestError": {
            "serviceException": {
            "messageId": "FORBIDDEN",
            "text": "Forbidden"
            }
        }
    }

Library exceptions

When using one of the libraries (opens in a new tab), make sure to handle API exceptions.

REQUEST SAMPLES

 
    try {
        SmsResponse smsResponse = sendSmsApi.sendSmsMessage(smsMessageRequest);
    } catch (ApiException apiException) {
        apiException.getCode();
        apiException.getResponseHeaders();
        apiException.getResponseBody();
    }

 
    try
    {
        var result = api.SendSmsMessage(smsRequest);
    }
    catch(ApiException apiException)
    {
        var errorCode = apiException.ErrorCode;
        var errorContent = apiException.ErrorContent;
    }

API authorization

API scopes

API scope types

API scope configuration

Available API scopes

Client-side SDK

Connectivity

Customer Engagement

General

Platform

Errors

Library exceptions

Help shape the future of our products