Permissions
Permissions of the Investment API are modelled as OAuth 2.0 scopes. You have to request them together with the OAuth 2.0 access token. Permissions are identified by string IDs, generally in the format {topic}:{action}.
See the full list of available permissions.
NOTE
It is strongly recommended to limit the number of permissions per access token to the absolute minimum necessary.
How permissions work
Actions
There are two {action}s available:
admin: Allows read-and-write access to the resources covered by the{topic}. In most (but not all!) cases, writing includes create, update and delete operations.read: Allows read-only access to the resources covered by the{topic}.
NOTE
- Only those
{topic}×{action}combinations are available, which cover actual API endpoints or operations. {topic}:adminonly includes update and/or delete if any corresponding API endpoints and operations are available.
Topics
The following {topic}s are available:
accounts: Accounts and account groupswebhooks: Webhooksorders: Ordersusers: (End) userschecks: User checks like KYC, POR, INSTRUMENT_FIT, and COMPLIANCEinstruments: Instrumentspositions: Positionsreference_accounts: Reference accountsmandates: Mandatespayments: Payins and withdrawal operationsreports: Reportstaxes: Tax residencies
Was this page helpful?
On This Page