OAuth Scopes

Description

Access to the API can be defined precisely by using OAuth scopes.

Additionally, the bexio API checks the user's rights. The user can therefore only access resources they also have access to in the frontend.

Default Scopes

The bexio API automatically adds the scope general, so you do not apply for this scope explicitly. With the scope general, the user has access to general entities like taxes or units.

Usage

Please request only the scopes your application needs. You are allowed to request multiple scopes per request. Multiple scopes have to be separated by a whitespace.

If you want to edit contacts and list invoices, you have to use the following scope string: contact_edit kb_invoice_show

Denial of scopes by the user

The user has full control over their data. They can therefore remove scopes if they do not want to share the information. Please take this into account in your implementation.

For example, you may request the scopes contact_show and task_show, but the user only accepts the scope contact_show. You will receive the accepted scopes in the response of the access token.

Show and edit

If you request a scope to edit a resource, you will automatically receive the right to list and show this resource. Therefore, when you request the scope article_edit, you do not have to apply for the scope article_show.
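The two rules above (the user may accept only some scopes, and an edit scope includes show) can be handled together when the token response arrives. The following is an added example, not bexio code: the FEATURES map and function names are hypothetical, and it assumes the accepted scopes arrive as a whitespace-separated `scope` field as in RFC 6749, since the page does not name the field.

```python
# Added example. Assumptions: response field "scope" (RFC 6749 style) and the
# hypothetical FEATURES map; scope names are taken from the list on this page.
FEATURES = {  # hypothetical app features -> scopes each one needs
    "sync_contacts": {"contact_show"},
    "task_overview": {"task_show"},
}

def build_scope_request(needed):
    """Smallest scope string: 'general' is implicit, X_edit already covers X_show."""
    needed = set(needed) - {"general"}
    redundant = {s for s in needed
                 if s.endswith("_show") and s[:-5] + "_edit" in needed}
    return " ".join(sorted(needed - redundant))

def granted_scopes(token_response, requested):
    """Scopes the user accepted, read from the access token response."""
    raw = token_response.get("scope")
    if raw is None:  # RFC 6749: may be omitted when identical to the request
        return set(requested.split())
    return set(raw.split())

def effective_scopes(granted):
    """Expand grants: add implicit 'general' and the X_show implied by X_edit."""
    effective = set(granted) | {"general"}
    effective |= {s[:-5] + "_show" for s in granted if s.endswith("_edit")}
    return effective

def reconcile(token_response, requested):
    """Return (features that can be enabled, scopes the user declined)."""
    have = effective_scopes(granted_scopes(token_response, requested))
    want = effective_scopes(requested.split())
    enabled = sorted(f for f, need in FEATURES.items() if need <= have)
    return enabled, sorted(want - have)

if __name__ == "__main__":
    requested = build_scope_request({"contact_show", "task_show"})
    # Constructed token response: the user accepted only contact_show.
    response = {"access_token": "<placeholder>", "scope": "contact_show"}
    print(reconcile(response, requested))
```

Features whose scopes were declined should be disabled in the application rather than discovered through failing API calls later.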

Available Scopes

Scope             Description
article_show      Show items / articles
article_edit      Show and edit items / articles
calendar_show     Show calendar entries
calendar_edit     Show and edit calendar entries
contact_show      Show contacts
contact_edit      Show and edit contacts
kb_invoice_show   Show invoices
kb_invoice_edit   Show and edit invoices
kb_offer_show     Show estimates (offers)
kb_offer_edit     Show and edit estimates (offers)
kb_order_show     Show orders
kb_order_edit     Show and edit orders
lead_show         Show leads
lead_edit         Show and edit leads
monitoring_show   Show timesheets
monitoring_edit   Show and edit timesheets
note_show         Show notes
note_edit         Show and edit notes
task_show         Show tasks
task_edit         Show and edit tasks