Scopes allow API clients to request a specific set of permissions when requesting an access token. In other words, scopes allow your application's users to limit the actions third-party applications may perform on their behalf.
We define scopes that refer to the object which they grant access to, followed by the action on that object.
Some common objects are `room`, `booking` and `user`.
Currently, there are two types of action:
For example, to create a new room, your application should request the `room:write` scope when requesting an access token.
Additionally, a scope may contain the actor, which is either `user` or `admin`. This influences how the action is performed on the Luxstay system. For example, to cancel a booking as an administrator, your token should have the `booking:write:admin` scope.
To view all available scopes, you may use this link or refer to the following table.
Scope | Description |
---|---|
booking:read | Ability to access information related to bookings. |
booking:write | Ability to update information of bookings. |
room:read | Ability to access information related to rooms such as their basic information, pricing terms, calendar, etc. |
room:write | Ability to update information of rooms such as their structure, calendar, photos, pricing terms, etc. |
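
The scope format described above (object, action, optional actor), shown as an added example that is not Luxstay's own code: a strict parser plus a deny-by-default check. The `read`/`write` action set is taken from the table; the space-delimited scope list and the exact-match policy (no scope implies another) are assumptions.

```python
from typing import NamedTuple, Optional

# Grammar from the page: object:action with an optional :actor suffix.
# Objects and actors are the ones the page names; actions come from its table.
OBJECTS = {"room", "booking", "user"}
ACTIONS = {"read", "write"}
ACTORS = {"user", "admin"}


class Scope(NamedTuple):
    obj: str
    action: str
    actor: Optional[str]  # None when the scope has no actor part


def parse_scope(raw: str) -> Scope:
    """Parse one scope string, rejecting anything outside the grammar."""
    parts = raw.split(":")
    if len(parts) not in (2, 3):
        raise ValueError(f"malformed scope: {raw!r}")
    obj, action = parts[0], parts[1]
    actor = parts[2] if len(parts) == 3 else None
    if obj not in OBJECTS:
        raise ValueError(f"unknown object in scope: {raw!r}")
    if action not in ACTIONS:
        raise ValueError(f"unknown action in scope: {raw!r}")
    if actor is not None and actor not in ACTORS:
        raise ValueError(f"unknown actor in scope: {raw!r}")
    return Scope(obj, action, actor)


def parse_scope_param(value: str) -> set[Scope]:
    """Parse a scope list. Space-delimited is an assumption (OAuth 2.0 convention)."""
    return {parse_scope(item) for item in value.split()}


def is_allowed(granted: set[Scope], required: str) -> bool:
    """Deny by default: only an exact match grants access (assumed policy).

    write does not imply read, and booking:write:admin does not imply
    booking:write, so a token can never do more than what was requested.
    """
    return parse_scope(required) in granted


if __name__ == "__main__":
    # Constructed sample: the scopes a client might have been granted.
    token_scopes = parse_scope_param("room:read booking:write:admin")
    for needed in ("room:read", "room:write", "booking:write:admin"):
        print(needed, "->", is_allowed(token_scopes, needed))
```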