API Scopes Explained Growth+This feature requires the Growth+ plan or higher
API scopes control what an API key can access. When creating an API key, you select only the scopes your integration needs. This follows the principle of least privilege -- each key should have the minimum access required.
Available Scopes
Bookings
| Scope | What it allows |
|---|
bookings:read | View bookings, search bookings, retrieve booking details |
bookings:write | Create new bookings, update existing bookings, cancel bookings |
Products
| Scope | What it allows |
|---|
products:read | View products, inventory levels, and pricing information |
products:write | Create and update products, manage inventory units |
Experiences
| Scope | What it allows |
|---|
experiences:read | View experiences, schedules, and availability |
experiences:write | Create and update experiences, manage schedules |
Store
| Scope | What it allows |
|---|
store:read | View store products, categories, and inventory levels |
store:write | Create and update store products and categories, adjust inventory |
Customers
| Scope | What it allows |
|---|
customers:read | View customer profiles, booking history, and contact details |
customers:write | Create and update customer records |
Staff
| Scope | What it allows |
|---|
staff:read | View staff members, roles, and schedules |
staff:write | Manage staff records and assignments |
| Scope | What it allows |
|---|
waivers:read | View waivers, forms, and submitted responses |
waivers:write | Manage waivers and forms |
Surveys
| Scope | What it allows |
|---|
surveys:read | View surveys and responses |
surveys:write | Manage surveys |
| Scope | What it allows |
|---|
promotions:read | View promo codes, vouchers, and their usage |
promotions:write | Create and manage promo codes and vouchers |
Reports
| Scope | What it allows |
|---|
reports:read | Access revenue, booking, inventory, and customer reporting data |
Settings
| Scope | What it allows |
|---|
settings:read | View business settings, locations, and configuration |
settings:write | Update business settings |
Webhooks
| Scope | What it allows |
|---|
webhooks:read | View webhook configurations and delivery logs |
webhooks:write | Create, update, and delete webhooks |
Waitlist
| Scope | What it allows |
|---|
waitlist:read | View waitlist entries and their status |
waitlist:write | Manage waitlist entries |
MCP (AI Agents)
| Scope | What it allows |
|---|
mcp:access | Connect to EquipDash via the MCP protocol for AI agent integrations |
Choosing the Right Scopes
Here are some common integration scenarios and the scopes they typically need:
| Integration | Recommended Scopes |
|---|
| Website showing availability | products:read, experiences:read, store:read |
| Online booking form | bookings:read, bookings:write, customers:read, customers:write |
| Accounting sync (read-only) | bookings:read, reports:read |
| Full mobile app | All read and write scopes |
| Analytics dashboard | bookings:read, customers:read, reports:read |
| Customer data export | customers:read |
| Automated booking creation | bookings:write, customers:write, products:read, experiences:read |
Scope Categories
When creating an API key, scopes are grouped by category. You can:
- Select All in a category to enable all scopes in that group.
- Deselect All in a category to remove all scopes in that group.
- Select All / Deselect All at the top level to toggle everything at once.
Things to Keep in Mind
- A key without the required scope will receive a 403 Forbidden response for that endpoint.
- You can update scopes on an existing key without regenerating the key itself.
- Read scopes (
*:read) allow viewing data only. Write scopes (*:write) allow creating and modifying data but also include read access for those endpoints.
- For security, avoid giving a key more scopes than it needs.