Part of the OAuth2 process requires specifying which parts of an account's data the app would like access to.
We advise you to limit the scope you request to only the permissions that are necessary for your app to function.
An application can ask for any of the following scopes:
– read_products, write_products : Access to Products, Price rules, Product Variants, Product Categories, Product Suppliers, Product Brands, Product Tags, Product Modifiers
– read_customers, write_customers : Access to Customers, Customer Addresses, Customer Lists, Customer Tags
– read_store_credit, write_store_credit : Access to Customer Store Credit
– read_sales, write_sales : Access to Sales, Payments and Fulfillments
– read_reports, write_reports : Access to Sales Data, Z Reports, Accounting exports, Cash counts
– read_inventory, write_inventory : Access to Inventory Levels, Stock Orders, Stock Transfers, Inventory Counts, Inventory Reorder Points
– read_calendar_events, write_calendar_events : Access to Calendar Events
– read_time_tracking, write_time_tracking : Access to Time Tracking
– read_kitchen_screen, write_kitchen_screen : Access to Kitchen Display System
– read_settings, write_settings : Access to Users, Stores, Warehouses, Payment Types, Taxes, Resources
Oauth is used to issue access tokens on behalf of users.
– The user makes a request to install the app,
– The required scopes of the app are displayed on the user screen before granting access to the app,
– the user consents to the scopes and is redirected to the redirect_uri of the app,
– the app makes an access token request to Hiboutik including the client_id, client_secret, and code,
– Hiboutik returns the access token and requested scopes,
– the app uses the token to make requests to the user account API,
– The app receives the requested data.
On request, we can provide you the framework to configure your own application.