API Scopes
Scopes control what your app can access on a user’s account. You request specific scopes during authentication, and the access token you receive will only allow what those scopes permit.
Users see which permissions your app is requesting during login.
How to Request Scopes
Section titled “How to Request Scopes”Include a scope parameter in your authentication request, either as a GET query parameter for browser-based auth or in the POST body for headless auth.
const params = new URLSearchParams({ client_id: 'YOUR_CLIENT_ID', response_type: 'code', scope: 'family:library:view offline_access', // Requesting library view and refresh tokens // ... other parameters});Available Public Scopes
Section titled “Available Public Scopes”These scopes are available for public applications:
| Scope ID | Description |
|---|---|
family:library:view | View the library of Yoto cards in your family |
family:library:manage | View and manage your Yoto card library Includes: family:library:view |
user:content:view | View and access your Make Your Own content |
user:icons:manage | View, upload and edit your custom icons |
user:content:manage | View, create, edit and delete Make Your Own content Includes: user:content:view, user:icons:manage |
family:devices:view | View players linked to your family (including their names) |
family:devices:manage | Manage your player configuration and settings (e.g., player name, sleep settings) Includes: family:devices:view |
family:devices:control | Remotely control and monitor your Yoto players, including player names, connection status and activity |
family:view | View basic information about your family, including your players, family members and their emails |
offline_access | Retain access to your account even when you're not actively using this app |
openid | Identify you as a user |
profile | Access basic information about your profile, including your name and email address |