Home/API/OAuth Scopes
API Cheat Sheet Wiki

OAuth Scopes cheat sheet

Permission strings used to limit what an access token can do.

Quick lookup

read:userCheck exact spelling, casing, and the platform documentation for this field.
repoCheck exact spelling, casing, and the platform documentation for this field.
openidCheck exact spelling, casing, and the platform documentation for this field.
profileCheck exact spelling, casing, and the platform documentation for this field.
emailCheck exact spelling, casing, and the platform documentation for this field.
offline_accessCheck exact spelling, casing, and the platform documentation for this field.

Common mistakes

  • Debugging the client before checking the raw request and response
  • Ignoring headers that explain cache, auth, or rate limits
  • Treating browser CORS failures as generic API downtime
  • Logging tokens or webhook secrets while troubleshooting

Online tools