Permissions - Provision Public API

Every Public API key carries a list of operation scopes. Each endpoint requires one or more scopes; calls without the right scope return 403 Forbidden with { "error": { "code": "FORBIDDEN", "message": "Operation not allowed" } }.

Scope naming

Scopes use the form <resource>:<verb>. The available scopes today:

Scope	What it allows
`conversation:read`	`GET /v1/conversation/{id}` and `GET /v1/conversation/{id}/context`
`conversation:write`	`PATCH /v1/conversation/{id}`
`client:read`	All `GET` endpoints under `/v1/client`
`client:write`	All `POST` and `PATCH` endpoints under `/v1/client`
`user:read`	All `GET` endpoints under `/v1/user`
`address:read`	All `GET` endpoints under `/v1/address`
`address:write`	All `POST` and `PATCH` endpoints under `/v1/address`

Each endpoint’s required scope is also shown in the API Reference tab in the “Required permissions” callout under the endpoint summary.

Requesting scopes

When you request a key (see Authentication), describe what your integration will do. Support attaches the minimum set of scopes needed. Asking for “all scopes” will be rejected — least-privilege keys are the default.

Adding a new scope to an existing key

Email support@onevisionresources.com. Adding a scope does not change the key value; existing requests keep working while the new scope is attached.

​Scope naming

​Requesting scopes

​Adding a new scope to an existing key

Scope naming

Requesting scopes

Adding a new scope to an existing key