Skip to content

API Scopes

Scopes control what your app can access on a user’s account. You request specific scopes during authentication, and the access token you receive will only allow what those scopes permit.

Users see which permissions your app is requesting during login.

How to Request Scopes

Include a scope parameter in your authentication request, either as a GET query parameter for browser-based auth or in the POST body for headless auth.

const params = new URLSearchParams({
  client_id: 'YOUR_CLIENT_ID',
  response_type: 'code',
  scope: 'family:library:view offline_access', // Requesting library view and refresh tokens
  // ... other parameters
});

Available Public Scopes

These scopes are available for public applications:

Scope ID Description
family:library:view View the library of Yoto cards in your family
family:library:manage View and manage your Yoto card library
Includes: family:library:view
user:content:view View and access your Make Your Own content
user:icons:manage View, upload and edit your custom icons
user:content:manage View, create, edit and delete Make Your Own content
Includes: user:content:view, user:icons:manage
family:devices:view View players linked to your family (including their names)
family:devices:manage Manage your player configuration and settings (e.g., player name, sleep settings)
Includes: family:devices:view
family:devices:control Remotely control and monitor your Yoto players, including player names, connection status and activity
family:view View basic information about your family, including your players, family members and their emails
offline_access Retain access to your account even when you're not actively using this app
profile Access basic information about your profile, including your name and email address