What are API access scopes?

Scopes are permissions that identify the scope of access an application will have to your Printify Merchant Account. In other words, an access scope determines what an application can do and in which part of your account (products, orders, etc.).

Below you can see the names and descriptions of access scopes that currently exist in Printify API.

Access scopes for Printify API are resource-based and can have read or write permissions. 

A resource in this context is a collection of data with a distinct set of characteristics. For example, products and orders in your account are two different resources.

⚠️ As we develop more functionality for Printify API, more resources and access scopes will be added.

Some resources can only be accessed to see data in them ("read" permission), while some can also allow data to be submitted to them ("write" permission) in addition to reading them.

Which access scopes will my application need?

Depending on what your goal is, your application might need only some access scopes, or it might need full access. It is important to keep in mind what functions specifically will this app perform.

If you yourself have software development experience or you have such a person on your team, then granting full access shouldn't be a problem. 

⚠️ Please note, if you have a previously generated full access token and we add new access scopes for our API, your token will not support these newly added scopes. You will need to generate a new token.

However, let's say you will have to hire an independent developer (could be a single person or maybe even a team of developers) to write a custom application for your Printify account. In that case, the best practice is to provide only the minimum number of scopes needed for this app to perform the functions you require. Consider data privacy and security when issuing access scopes.

As an example, let's consider a custom application that would allow you to create multiple products (products.write access scope) without having to log into your Printify account and doing all the manual work (uploading a design, positioning it, selecting variants, etc.) and that would be the sole purpose of the app. There would be no reason to grant access to that app for submitting orders (orders.write access scope) or even for just getting order information (orders.read access scope), thereby exposing customer data. 

To find out which scopes are required for each action possible through Printify API, check out our API documentation.

Generating multiple tokens with different access scopes

Based on your needs, your business might require multiple custom applications built that integrate with Printify API. In addition, it could also be possible that some of these applications would be developed by your in-house developers, while some developed by an outsourced software development team.

In such cases, the ability to generate multiple tokens with different access scopes will prove useful — you can provide one token to developers from your team and another token to the outsourced development team.

You can always easily check which scopes have been assigned to each token:

Did this answer your question?