App Permissions

OAuth scopes define what your app can access on behalf of users. Request only the permissions your app needs—users are more likely to approve apps that request minimal access.

Principle of Least Privilege

Only request scopes that are essential for your app's core functionality. You can always request additional permissions later if needed.

Forms

forms:read

Read form configurations, fields, and settings

forms:write

Create, update, and delete forms

Submissions

submissions:read

Read form submissions and responses

submissions:write

Create submissions programmatically

submissions:delete

Delete form submissions

Team

team:read

Read team information and member list

team:write

Manage team settings and members

Integrations

webhooks:manage

Create and manage webhook configurations

integrations:read

Read connected integrations

integrations:write

Connect and disconnect integrations

Requesting Scopes

Include the scopes you need in the authorization URL as a space-separated list:

scope=forms:read submissions:read webhooks:manage

Common Scope Combinations

Read-only Dashboard

View forms and submissions without making changes

forms:readsubmissions:read

Form Builder

Create and manage form configurations

forms:readforms:write

Full Integration

Complete access for building comprehensive integrations

forms:readforms:writesubmissions:readwebhooks:manage

OAuth Setup

Implement the authorization flow

App Review

Submit for marketplace listing