Authentication scopes

Aurinko's authentication scopes enhance security by allowing granular permission control. Limit access by using the scopes parameter during authentication.

Aurinko supports granular authentication scopes to improve security for your end-users. You can limit the permissions and data Aurinko requests during authentication by using the scopes parameter with the /auth/authorize endpoint.

To remain secure, Aurinko strongly recommends passing only the scopes that your application needs when authenticating a user. Please reference the table below when updating your authentication code to make sure your application requests the minimal amount of access necessary for your app's functionality.

| Aurinko scope | Description |
| --- | --- |
| Mail.ReadWrite | Read and modify all messages, threads, file attachments, and read email metadata like headers. Does not include send. |
| Mail.Read | Read all messages, threads, file attachments, drafts, and email metadata like headers - no write operations. |
| Mail.Send | Send messages only. No read or modify privileges on users' emails. |
| Mail.Drafts | Create, read, update, and delete drafts. Send messages and drafts. |
| Calendar.ReadWrite | Read and modify calendars and events. |
| Calendar.Read | Read calendars and events. |
| Contacts.ReadWrite | Read and modify contacts. |
| Contacts.Read | Read contacts. |
| Tasks.ReadWrite | Read and modify tasks. |
| Tasks.Read | Read tasks. |

Example


For example, if your app lets users send and read messages but not modify them, you would use the following scopes: Mail.Read, Mail.Send.

Here is an example request showing how your app might pass these scopes:

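# -G appends the parameters below to the URL as a query string (GET request);
# --data-urlencode escapes values such as the return URL.
curl -G https://api.aurinko.io/v1/auth/authorize \
    --data-urlencode clientId='a8b7c6d5e4f3g2h1' \
    --data-urlencode serviceType='Office365' \
    --data-urlencode scopes='Mail.Read,Mail.Send' \
    --data-urlencode returnUrl='https://yourapp.com/aurinko-redirect' \
    --data-urlencode state='CustomStateString'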

Any tokens obtained this way have a limited scope, so you won't be able to access out-of-scope endpoints with them.
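
The Python sketch below is an added example, not Aurinko's own code: it picks the narrowest scope set from the table above for the operations an app needs, then builds the /auth/authorize URL with the same parameters as the request shown, refusing scope names that are not in the table. The capability labels (mail.read, mail.send, and so on) and the function names are assumptions made for the illustration.

```python
from itertools import combinations
from urllib.parse import urlencode

AUTHORIZE_URL = "https://api.aurinko.io/v1/auth/authorize"  # endpoint from the page

# Scope names come from the table on this page; the capability labels are
# assumed shorthand for each description, not Aurinko identifiers.
SCOPE_GRANTS = {
    "Mail.Read": {"mail.read"},
    "Mail.ReadWrite": {"mail.read", "mail.modify"},
    "Mail.Send": {"mail.send"},
    "Mail.Drafts": {"mail.drafts", "mail.send"},
    **{f"{r}.Read": {f"{r.lower()}.read"} for r in ("Calendar", "Contacts", "Tasks")},
    **{f"{r}.ReadWrite": {f"{r.lower()}.read", f"{r.lower()}.modify"}
       for r in ("Calendar", "Contacts", "Tasks")},
}

def minimal_scopes(needed):
    """Return the scopes that cover `needed` while granting the fewest extras."""
    needed = set(needed)
    unknown = needed - set().union(*SCOPE_GRANTS.values())
    if unknown:
        raise ValueError(f"no scope grants: {sorted(unknown)}")
    best = None
    for size in range(0, len(SCOPE_GRANTS) + 1):
        for combo in combinations(sorted(SCOPE_GRANTS), size):
            granted = set().union(*(SCOPE_GRANTS[s] for s in combo))
            if needed <= granted:
                cost = (len(granted - needed), size)  # extras first, then count
                if best is None or cost < best[0]:
                    best = (cost, list(combo))
    return best[1]

def authorize_url(client_id, service_type, scopes, return_url, state):
    """Build the authorize URL; reject scope names missing from the table."""
    bad = [s for s in scopes if s not in SCOPE_GRANTS]
    if bad:
        raise ValueError(f"unknown scope(s): {bad}")  # e.g. a misspelled name
    query = urlencode({"clientId": client_id, "serviceType": service_type,
                       "scopes": ",".join(scopes), "returnUrl": return_url,
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}"

if __name__ == "__main__":
    # Constructed inputs reusing the placeholder values from the curl request.
    scopes = minimal_scopes({"mail.read", "mail.send"})
    print(authorize_url("a8b7c6d5e4f3g2h1", "Office365", scopes,
                        "https://yourapp.com/aurinko-redirect", "CustomStateString"))
```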


Last updated 6 months ago