API key scopes reference
This page lists every scope available when issuing a MapleGather API key, what it grants access to, and usage guidance.
Scope catalog
Section titled “Scope catalog”Scopes follow the resource:action pattern. Grant only the scopes your integration actually needs — a key with excess scopes is a broader attack surface if the token is ever exposed.
| Scope | Grants access to | Notes |
|---|---|---|
members:read |
GET operations on member records |
Required by most integrations that read member data |
members:write |
POST/PATCH/DELETE on member records |
The scope selector shows an advisory if you add members:write without members:read — the two are typically paired |
payments:read |
GET operations on payment records |
|
events:write |
Creating and publishing events (events_create, events_publish) |
Finer event mutations (sessions, ticket types, registrations, cancel) use separate events:* scopes; check the interactive docs for the full set |
api_keys:read |
api_keys_list — view the org’s API key list (masked) |
Rarely needed by external integrations; typically used by admin tooling |
api_keys:write |
api_keys_create, api_keys_rotate, api_keys_revoke |
Do not grant to non-admin integrations |
webhooks:read |
webhook_endpoints_list, webhook_deliveries_list |
|
webhooks:write |
webhook_endpoints_create, webhook_endpoints_test |
|
webhooks:replay |
webhook_deliveries_replay |
|
integrations:read |
integrations_list, integrations_get |
|
integrations:write |
integrations_disconnect |
Write-without-read advisory
Section titled “Write-without-read advisory”The scope picker shows a non-blocking advisory if you select a write scope without the matching read scope for the same resource (for example, members:write without members:read). The advisory offers to auto-add the read scope. Most integrations that write data also need to read it; grant both unless you have a specific reason not to.
Least-privilege recommendation
Section titled “Least-privilege recommendation”Start with the minimum scopes needed for your integration to work. You can always issue a second key or rotate the current key with an expanded scope list. A key with members:read and payments:read is the typical starting point for a read-only integration.