Skip to content

API key scopes reference

This page lists every scope available when issuing a MapleGather API key, what it grants access to, and usage guidance.

Scopes follow the resource:action pattern. Grant only the scopes your integration actually needs — a key with excess scopes is a broader attack surface if the token is ever exposed.

Scope Grants access to Notes
members:read GET operations on member records Required by most integrations that read member data
members:write POST/PATCH/DELETE on member records The scope selector shows an advisory if you add members:write without members:read — the two are typically paired
payments:read GET operations on payment records
events:write Creating and publishing events (events_create, events_publish) Finer event mutations (sessions, ticket types, registrations, cancel) use separate events:* scopes; check the interactive docs for the full set
api_keys:read api_keys_list — view the org’s API key list (masked) Rarely needed by external integrations; typically used by admin tooling
api_keys:write api_keys_create, api_keys_rotate, api_keys_revoke Do not grant to non-admin integrations
webhooks:read webhook_endpoints_list, webhook_deliveries_list
webhooks:write webhook_endpoints_create, webhook_endpoints_test
webhooks:replay webhook_deliveries_replay
integrations:read integrations_list, integrations_get
integrations:write integrations_disconnect

The scope picker shows a non-blocking advisory if you select a write scope without the matching read scope for the same resource (for example, members:write without members:read). The advisory offers to auto-add the read scope. Most integrations that write data also need to read it; grant both unless you have a specific reason not to.

Start with the minimum scopes needed for your integration to work. You can always issue a second key or rotate the current key with an expanded scope list. A key with members:read and payments:read is the typical starting point for a read-only integration.