API Scopes
Scopes control what your app can access on a user’s account. You request specific scopes during authentication, and the access token you receive will only allow what those scopes permit.
Users see which permissions your app is requesting during login.
How to Request Scopes
Section titled “How to Request Scopes”Include a scope parameter in your authentication request, either as a GET query parameter for browser-based auth or in the POST body for headless auth.
const params = new URLSearchParams({ client_id: 'YOUR_CLIENT_ID', response_type: 'code', scope: 'family:library:view offline_access', // Requesting library view and refresh tokens // ... other parameters});Available Public Scopes
Section titled “Available Public Scopes”These scopes are available for public applications:
| Scope ID | Description |
|---|---|
family:library:view | View your Yoto card library |
family:library:manage | View and manage your Yoto card library Includes: family:library:view |
user:content:view | View your Make Your Own content |
user:icons:manage | View, create, edit and delete your custom icons for Make Your Own content |
user:content:manage | View, create, edit and delete your Make Your Own content Includes: user:content:view, user:icons:manage |
family:devices:view | View list of devices in your family and their online status |
family:device-status:view | View current detailed status of players in your family |
family:devices:manage | View players in your family, their status and manage settings Includes: family:devices:view, family:device-status:view |
family:devices:control | Remotely control players in your family, receive live updates of player activity |
family:view | View family members and players |
offline_access | Retain access to your account even when you're not actively using this app |
openid | Standard OpenID Connect scope to retrieve the user's unique ID. |
profile | Standard OpenID Connect scope to retrieve the user's profile information (name, picture). |