OAuth scope
Scope limits the level of access the application can have when making requests to the resource server (to access protected resources). It is what enables the user to provide delegated access to the client.
For example, if the client only needs to access the Invoices module in Zoho Books, that can be stated in the scope when requesting an access token. When the client then makes API requests with the access token, the resource server grants access only to the Invoices module. The scope can also define which operations (create/read/update/delete) the client is permitted to perform on that module.
When the user is asked for permission to grant access to the client, the scopes defined in the request will be shown.
A Zoho OAuth scope has three parts:
- Service name:
The name of the service the client is making API calls to. Every Zoho product has a unique service name, such as ZohoCRM or ZohoRecruit.
- Scope name:
The name of the module in the service the client needs access to. Each Zoho service is divided into modules; the scope names are listed in the respective product's API docs.
- Operation type:
The type of operation that is permissible for the client. It can be ALL, READ, UPDATE, or DELETE (ALL gives access to perform all operations).
SYNTAX:
service_name.scope_name.OPERATION_TYPE
Examples:
ZohoCRM.users.CREATE
ZohoBooks.purchaseorders.UPDATE
ZohoCliq.channels.DELETE
ZohoCRM.modules.contacts.ALL
Access tokens can also be generated with multiple scopes. In such cases, the scopes should be separated by commas.
SYNTAX:
service_name.scope_name.OPERATION_TYPE,service_name.scope_name.OPERATION_TYPE
Example:
ZohoCRM.modules.READ,ZohoCRM.settings.READ
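The scope format described above can be checked mechanically before a client requests a token or after one is issued. The following is an added example, not code from Zoho or from this page: it parses the service_name.scope_name.OPERATION_TYPE form (including dotted module paths such as modules.contacts and the comma-separated multi-scope form), then reports which needed scopes a token lacks and which granted scopes exceed what the client actually requires, so over-broad ALL grants are caught. It assumes scope matching has no hierarchy, i.e. a grant on one module path does not cover a narrower path, and it treats CREATE as a valid operation type because the page's own example uses it.

```python
from __future__ import annotations
from dataclasses import dataclass

# Operation types the page lists, plus CREATE, which its own example uses.
OPERATIONS = {"ALL", "READ", "CREATE", "UPDATE", "DELETE"}

@dataclass(frozen=True)
class ZohoScope:
    service: str    # e.g. "ZohoCRM"
    scope: str      # module path, e.g. "users" or "modules.contacts"
    operation: str  # one of OPERATIONS

    def __str__(self) -> str:
        return f"{self.service}.{self.scope}.{self.operation}"

def parse_scope(token: str) -> ZohoScope:
    """Parse one service_name.scope_name.OPERATION_TYPE string; reject malformed input."""
    parts = token.strip().split(".")
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"malformed scope {token!r}: expected service.scope.OPERATION")
    if parts[-1] not in OPERATIONS:
        raise ValueError(f"unknown operation type {parts[-1]!r} in {token!r}")
    return ZohoScope(parts[0], ".".join(parts[1:-1]), parts[-1])

def parse_scope_list(scopes: str) -> list[ZohoScope]:
    """Split the comma-separated form used when a token carries several scopes."""
    return [parse_scope(t) for t in scopes.split(",") if t.strip()]

def covers(granted: ZohoScope, required: ZohoScope) -> bool:
    """A granted scope satisfies a required one when service and module path match
    exactly and the operation matches or the grant is ALL. Assumption: no hierarchy,
    so ZohoCRM.modules.ALL is not treated as covering ZohoCRM.modules.contacts.READ."""
    same_target = (granted.service, granted.scope) == (required.service, required.scope)
    return same_target and granted.operation in ("ALL", required.operation)

def missing_scopes(granted: str, needed: str) -> list[str]:
    """Needed scopes the token does not cover: API calls relying on them will be refused."""
    have = parse_scope_list(granted)
    return [str(n) for n in parse_scope_list(needed) if not any(covers(g, n) for g in have)]

def excess_scopes(granted: str, needed: str) -> list[str]:
    """Least-privilege check: granted scopes that are not exactly required, which
    flags an ALL grant where the client only needs a single operation type."""
    need = {str(n) for n in parse_scope_list(needed)}
    return [str(g) for g in parse_scope_list(granted) if str(g) not in need]
```

Run excess_scopes against the scope list you are about to put in an authorization request and missing_scopes against the scopes actually issued on the token; an empty result from both means the token does exactly what the client needs and nothing more.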