Authentication

Scopes

What are Scopes?

Scopes define what your API key can access and do within the Fanvue platform. Think of them as permissions that determine which resources your application can read from or write to.

When you request an API key, you’ll need to specify which scopes you need based on your application’s requirements. This ensures your application only has access to the data and features it actually needs, following the principle of least privilege for better security.

How Scopes Work

  • Permission Control: Each scope grants access to specific resources and actions
  • Request Validation: Every API request checks if your key has the required scopes
  • Error Handling: Requests without sufficient scopes return a 403 Forbidden error
  • Fixed Assignment: Scopes are set when your API key is issued and cannot be changed later

Available Scopes

The following table lists all available scopes organized by resource:

ResourceScopes
Userread:self
Chatread:chat, write:chat
Fanread:fan
Creatorread:creator

Scope Descriptions

read:self
Access your own user profile information, including basic account details and settings.

read:chat
Read chat conversations, messages, and chat-related data. This includes viewing chat lists and message history.

write:chat
Create new chats and send messages. This scope is required for any chat-related actions that modify data.

read:fan
Access fan-related data and information within the platform.

read:creator
Access creator profiles, content, and creator-specific information.

Requesting Scopes

When requesting an API key from your Fanvue representative, be sure to:

  1. List all required scopes for your application
  2. Explain your use case to help our team understand why each scope is needed
  3. Follow the principle of least privilege - only request scopes you actually need

If you need additional scopes later, you’ll need to request a new API key as existing scopes cannot be modified.

Error Handling

If your API key doesn’t have the required scopes for a request, you’ll receive:

1{
2  "error": "Insufficient scopes"
3}

This response comes with a 403 Forbidden HTTP status code. Make sure your API key includes all necessary scopes for the endpoints you plan to use.