# Scopes

Scopes are assigned to User Roles or API Client applications to limit the level of access that is available to that client or user.

{% hint style="warning" %}
We recommend using the principle of least privileged access. This means that you should only assign the scopes that are required to perform the API requests that you want to do.
{% endhint %}

Use this list of scopes to determine which ones you need to build your API application.

| Scope           | Description                                                                   |
| --------------- | ----------------------------------------------------------------------------- |
| admin:read      | View templates, and objects                                                   |
| admin:write     | Create, update or delete templates, and objects                               |
| analytics:read  | View analytics dashboards                                                     |
| analytics:write | Create, update or delete analytics dashboards                                 |
| billing:read    | View billing, currencies, transactions, and payments                          |
| billing:write   | Create, update or delete billing, currencies, transactions, and payments      |
| developer:read  | View API client applications                                                  |
| developer:write | Create, update or delete API client applications                              |
| owner:read      | View account owner settings                                                   |
| owner:write     | Modify account owner settings                                                 |
| product:read    | View products, product plans, and features                                    |
| product:write   | Create, update or delete products, product plans, and features                |
| security:read   | View users, roles, and groups                                                 |
| security:write  | Create, update or delete users, roles, and groups                             |
| standard:read   | View contacts, deals, accounts, quotes, and subscriptions                     |
| standard:write  | Create, update or delete contacts, deals, accounts, quotes, and subscriptions |
| workflow:read   | View workflows                                                                |
| workflow:write  | Create, update or delete workflows                                            |
| signup:read     | Minimum read permissions to signup for a subscription.                        |
| signup:write    | Minimum write permissions to signup for a subscription.                       |

### API client applications

When an API client requests an access token, it must also request the scopes that it wants access to. If the client request scopes that have not be assigned then an error will be raised and an access token will not be returned.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bunny.com/developer/using-the-graphql-api/scopes.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.